Displaying 20 results from an estimated 1000 matches similar to: "[Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired"
2004 Apr 14
2
[Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired
http://bugzilla.mindrot.org/show_bug.cgi?id=808
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |821
nThis| |
------- Additional Comments From dtucker at zip.com.au 2004-04-13 19:07 -------
2004 Mar 06
0
[Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired
bugzilla-daemon at mindrot.org wrote:
>Summary: segfault if not using pam/keyboard-interactive mech and
> password's expired
I'm sorry to report that there is a bug in the PAM code in OpenSSH
3.8p1, and sorrier to say that I put it there. This is a NULL pointer
dereference and is *not* considered to be a security vulnerability.
When sshd is configured --with-pam, run with
2004 Mar 26
2
[Bug 819] patch to add kerberos password-changing
http://bugzilla.mindrot.org/show_bug.cgi?id=819
Summary: patch to add kerberos password-changing
Product: Portable OpenSSH
Version: 3.8p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: enhancement
Priority: P2
Component: Kerberos support
AssignedTo: openssh-bugs at mindrot.org
2003 May 12
2
[Bug 563] getaddrinfo() in libopenbsd-compat.a breaks heimdal-linked pam_krb5
http://bugzilla.mindrot.org/show_bug.cgi?id=563
Summary: getaddrinfo() in libopenbsd-compat.a breaks heimdal-
linked pam_krb5
Product: Portable OpenSSH
Version: -current
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
2004 Feb 07
14
[Bug 14] Can't change expired /etc/shadow password without PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=14
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |793
nThis| |
------- You are receiving this mail because: -------
You are on the CC list for
2004 Apr 23
1
Solaris core dumps
Hi,
I'm busy trying to get OpenSSH 3.8p1 working on Solaris 8. I'm having a
bit of trouble, mostly because I want it to work right beyond simply
logging in.
I've given up trying to use privilege separation because it doesn't
play nicely with PAM and BSM (I haven't applied the BSM patches yet).
When I log in with public key authentication and my password has
expired, sshd
2004 Mar 29
2
Flags in pam_password_change_required() (auth-pam.c)
Hi
I just "stumbled" over the flags settings in
pam_password_change_required().
As far as I looked over the OpenSSH code, setting/resetting the 2nd bit
in those flags from auth-options.c whould only make sense if the flags
are checked to be 0/1 in the remaining OpenSSH code.
Frank
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the
2002 Jun 25
4
PAM kbd-int with privsep
The following is a patch (based on FreeBSD code) which gets kbd-int
working with privsep. It moves the kbd-int PAM conversation to a child
process and communicates with it over a socket.
The patch has a limitation: it does not handle multiple prompts - I have
no idea how common these are in real-life. Furthermore it is not well
tested at all (despite my many requests on openssh-unix-dev@).
-d
2003 Dec 07
0
[PATCH] Do PAM chauthtok via keyboard-interactive.
Hi All.
Attached is another patch that attempts to do pam_chauthtok() via SSH2
keyboard-interactive authentication. It now passes the results from the
authentication thread back to the monitor (based on a suggestion from
djm).
Because of this, it doesn't call do_pam_account twice and consequently
now works on AIX 5.2, which the previous version didn't. I haven't tested
it on any
2010 Jul 13
5
[Bug 1795] New: An integer variable "num" in mm_answer_pam_query() is not initialized before used
https://bugzilla.mindrot.org/show_bug.cgi?id=1795
Summary: An integer variable "num" in mm_answer_pam_query() is
not initialized before used
Product: Portable OpenSSH
Version: 5.5p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
2006 Oct 02
2
[Bug 1241] Connections to Tru64 hosts hang when password is expired.
http://bugzilla.mindrot.org/show_bug.cgi?id=1241
Summary: Connections to Tru64 hosts hang when password is
expired.
Product: Portable OpenSSH
Version: 4.4p1
Platform: Alpha
OS/Version: OSF/1
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
Component: sshd
2018 May 24
2
Password change required but no TTY available
Hi,
I upgraded for one of our products the SSH server to the portal OpenSSH
7.7p1 release. While testing I observed a change in the behavior for
expired passwords.
The commit 7c8568576071 ("upstream: switch over to the new
authorized_keys options API and") dropped the 'allowed pty' option when
the password has expired. By adding this hack here, I got it
back to the old
2001 Jan 30
1
PAM namespace.
auth-pam.c declares some new functions in the pam_ namespace that are not
part of PAM.
pam_password_change_required()
pam_msg_cat()
pam_cleanup_proc()
Purely to avoid any possible future problems I would suggest changing
these so they do not being with pam_, suggestions include:
__ssh_pam_msg_cat()
ssh_pam_msg_cat()
do_pam_msg_cat()
cat_pam_msg()
Please don't take this as a hint that
2006 Dec 29
3
Incremental file-list recursion has landed in CVS
For those that like to assist in the testing of rsync, the CVS version
now defaults to doing an incremental file-list scan when it is recursing
through the directories. This avoids keeping the whole file list in
memory, and allows the transfer to start working on changed files before
it has completed the recursive scan of the sending side.
The code appears to be working well so far, but there
2006 May 03
8
[Bug 1188] keyboard-interactive should not allow retry after pam_acct_mgmt fails
http://bugzilla.mindrot.org/show_bug.cgi?id=1188
Summary: keyboard-interactive should not allow retry after
pam_acct_mgmt fails
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
2006 May 04
2
xmalloc(foo*bar) -> xcalloc(foo, bar) for Portable
Hi All.
While wandering in auth-pam.c I noticed that there's a few Portable-specific
escapees from the xmalloc(foo * bar) cleanup.
There's also a "probably can't happen" integer overflow in
ssh-rand-helper.c with the memset:
num_cmds = 64;
- entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t));
+ entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));
2004 May 04
3
Error with USE_POSIX_THREADS and OpenSSH-3.8p1
Hello,
I am using OpenSSH-3.8p1 on HP-UX machine with USE_POSIX_THREADS option.
This is for making the kerberos credentials file to be created in the system
with PAM. In OpenSSH versions 3.5 when authentication is done with pam
kerberos, a /tmp/krb5cc_X_Y file is created on the server side. But the
KRB5CCNAME variable is not set by default. So, after we manually set this
environment variable, the
2006 Sep 18
1
BSD Auth: set child environment variables requested by login script [PATCH]
Hello,
in the BSD Authentication system the login script can request environment
variables to be set/unset. The call to auth_close() in auth-passwd.c does
change the current environment, but those changes are lost for the child
environment.
It would be really useful to add some kind of mechanism to get
those changes into the child environment. I've added two possible
solutions. Both
2003 Aug 24
12
[Bug 423] Workaround for pw change in privsep mode (3.5.p1)
http://bugzilla.mindrot.org/show_bug.cgi?id=423
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |627
nThis| |
Status|NEW |ASSIGNED
------- Additional