similar to: [Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired

http://bugzilla.mindrot.org/show_bug.cgi?id=808 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |821 nThis| | ------- Additional Comments From dtucker at zip.com.au 2004-04-13 19:07 -------

bugzilla-daemon at mindrot.org wrote: >Summary: segfault if not using pam/keyboard-interactive mech and > password's expired I'm sorry to report that there is a bug in the PAM code in OpenSSH 3.8p1, and sorrier to say that I put it there. This is a NULL pointer dereference and is *not* considered to be a security vulnerability. When sshd is configured --with-pam, run with

http://bugzilla.mindrot.org/show_bug.cgi?id=819 Summary: patch to add kerberos password-changing Product: Portable OpenSSH Version: 3.8p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: enhancement Priority: P2 Component: Kerberos support AssignedTo: openssh-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=563 Summary: getaddrinfo() in libopenbsd-compat.a breaks heimdal- linked pam_krb5 Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: Miscellaneous

http://bugzilla.mindrot.org/show_bug.cgi?id=14 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |793 nThis| | ------- You are receiving this mail because: ------- You are on the CC list for

Hi, I'm busy trying to get OpenSSH 3.8p1 working on Solaris 8. I'm having a bit of trouble, mostly because I want it to work right beyond simply logging in. I've given up trying to use privilege separation because it doesn't play nicely with PAM and BSM (I haven't applied the BSM patches yet). When I log in with public key authentication and my password has expired, sshd

Hi I just "stumbled" over the flags settings in pam_password_change_required(). As far as I looked over the OpenSSH code, setting/resetting the 2nd bit in those flags from auth-options.c whould only make sense if the flags are checked to be 0/1 in the remaining OpenSSH code. Frank

Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes PAM kbd-int work with privilege separation. Contrary to what I have previously stated - it *does* handle multiple prompts. What it does not handle is multiple passes through the PAM conversation function, which would be required for expired password changing. I would really appreciate some additional eyes over the

The following is a patch (based on FreeBSD code) which gets kbd-int working with privsep. It moves the kbd-int PAM conversation to a child process and communicates with it over a socket. The patch has a limitation: it does not handle multiple prompts - I have no idea how common these are in real-life. Furthermore it is not well tested at all (despite my many requests on openssh-unix-dev@). -d

Hi All. Attached is another patch that attempts to do pam_chauthtok() via SSH2 keyboard-interactive authentication. It now passes the results from the authentication thread back to the monitor (based on a suggestion from djm). Because of this, it doesn't call do_pam_account twice and consequently now works on AIX 5.2, which the previous version didn't. I haven't tested it on any

https://bugzilla.mindrot.org/show_bug.cgi?id=1795 Summary: An integer variable "num" in mm_answer_pam_query() is not initialized before used Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support

http://bugzilla.mindrot.org/show_bug.cgi?id=1241 Summary: Connections to Tru64 hosts hang when password is expired. Product: Portable OpenSSH Version: 4.4p1 Platform: Alpha OS/Version: OSF/1 Status: NEW Keywords: patch Severity: normal Priority: P2 Component: sshd

Hi, I upgraded for one of our products the SSH server to the portal OpenSSH 7.7p1 release. While testing I observed a change in the behavior for expired passwords. The commit 7c8568576071 ("upstream: switch over to the new authorized_keys options API and") dropped the 'allowed pty' option when the password has expired. By adding this hack here, I got it back to the old

auth-pam.c declares some new functions in the pam_ namespace that are not part of PAM. pam_password_change_required() pam_msg_cat() pam_cleanup_proc() Purely to avoid any possible future problems I would suggest changing these so they do not being with pam_, suggestions include: __ssh_pam_msg_cat() ssh_pam_msg_cat() do_pam_msg_cat() cat_pam_msg() Please don't take this as a hint that

For those that like to assist in the testing of rsync, the CVS version now defaults to doing an incremental file-list scan when it is recursing through the directories. This avoids keeping the whole file list in memory, and allows the transfer to start working on changed files before it has completed the recursive scan of the sending side. The code appears to be working well so far, but there

http://bugzilla.mindrot.org/show_bug.cgi?id=1188 Summary: keyboard-interactive should not allow retry after pam_acct_mgmt fails Product: Portable OpenSSH Version: -current Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));

Hello, I am using OpenSSH-3.8p1 on HP-UX machine with USE_POSIX_THREADS option. This is for making the kerberos credentials file to be created in the system with PAM. In OpenSSH versions 3.5 when authentication is done with pam kerberos, a /tmp/krb5cc_X_Y file is created on the server side. But the KRB5CCNAME variable is not set by default. So, after we manually set this environment variable, the

Hello, in the BSD Authentication system the login script can request environment variables to be set/unset. The call to auth_close() in auth-passwd.c does change the current environment, but those changes are lost for the child environment. It would be really useful to add some kind of mechanism to get those changes into the child environment. I've added two possible solutions. Both

http://bugzilla.mindrot.org/show_bug.cgi?id=423 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional