Displaying 20 results from an estimated 6000 matches similar to: "[Bug 892] Send output from PAM account modules to user"
2004 Sep 14
1
PATCH: Public key authentication defeats passwd age warning.
All,
I tried to sign up for this list a few weeks ago, but I don't think
it worked. After I confirmed my intention to be on the list, I only
got one single message from someone on the list, and that was it.
So, either this is a particularly quiet list, or my subscription
was dropped somehow just after it was made. So, if you could kindly
CC me directly on any responses to this, I sure would
2004 Dec 28
2
LinuxPAM and sshd: changing conversation function doesn't work but claims to.
Hi.
I'm one of the OpenSSH developers, and I've done some of the work on
sshd's PAM interface recently.
I've discovered some behaviour peculiar to LinuxPAM that I can't
explain: changing the conversation function does not appear to work,
even though the pam_set_item() call claims to succeed. The previous
conversation function is still called.
Background: the PAM API
2016 Mar 07
2
[Bug 2549] New: [PATCH] Allow PAM conversation for pam_setcred for keyboard-interactive authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2549
Bug ID: 2549
Summary: [PATCH] Allow PAM conversation for pam_setcred for
keyboard-interactive authentication
Product: Portable OpenSSH
Version: 7.1p2
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
2005 Sep 21
23
[Bug 1087] SSH fails to show PAM password expiry message from LDAP on login
http://bugzilla.mindrot.org/show_bug.cgi?id=1087
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Group|Portable OpenSSH |
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2011 Mar 18
1
Problem with pam-auth and winbind
Hi
I try to use windbind rule to authenticate users in dovecot login procedure.
/etc/nsswitch.conf file:
passwd: files winbind
shadow: files winbind
group: files winbind
Configuration of the dovecot is follows:
log_path: /var/log/dovecot/error.log
info_log_path: /var/log/dovecot/info.log
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/pki/tls/certs/dovecot.pem
ssl_key_file:
2002 Mar 26
2
SSH / PAM / Kerberos / password aging
Ok, so, things are complicated.
The PAM standard insists on password aging being done after account
authorization, which comes after user authentication. Kerberos can't
authenticate users whose passwords are expired.
So PAM_KRB5 implementations tend to return PAM_SUCCESS from
pam_krb5:pam_sm_authenticate() and arrange for pam_krb5:pam_sm_acct_mgmt()
to return PAM_NEW_AUTHTOK_REQD, as
2004 Nov 16
1
conversation function for pam_acct_mgmt failing?
I'm trying to use PAM on Solaris 8 with sshd (openssh 3.9p1) to run
the pam_acct_mgmt function and give some feedback to the user
if/when their account doesn't meet the necessary local requirements.
Things work fine when I use rlogin, i.e. a user gets authenticated
by typing in their password, and if their account has been suspended
(locally written programs maintain a database which a
2011 Mar 24
2
Problem with pam-auth and winbind
Hi
I try to use windbind rule to authenticate users in dovecot login procedure.
/etc/nsswitch.conf file:
passwd: files winbind
shadow: files winbind
group: files winbind
when I try logon from my console to dovecot (pop3 server):
# telnet komp14 110
Trying 10.10.10.38...
Connected to komp.xxx.xxx (10.10.10.38).
Escape character is '^]'.
+OK Dovecot ready.
user tt1
+OK
pass xxxxxxxxx
-ERR
2009 Jul 13
0
openssh conversation failure issue on HPUX
Openssh 5.0p1 on HPUX 11.23.
Here is the message:
Jun 15 13:21:28 a300sua0 sshd[10798]: pam_setcred: error Permission
denied
See
http://www.docs.hp.com/en/T1471-90033/ch01s06.html
We track the issue to sshpam_cleanup() which resets the conversation
function pointer to sshpam_null_conv() before calling pam_setcred with
PAM_DELETE_CRED. sshpam_null_conv() always just returns PAM_CONV_ERR.
It
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
2005 Feb 15
1
Is it possible to avoid PAM calls for key based Auth methods
Hello All,
Im using OpenSSH-3.9p1 configured for PAM,krb etc.. When I use Key based
auth methods such as Public key,gssapi etc, this skips the
pam_authenticate() call and directly calls pam_acct_mgmt(). This results in
a failed attempt with few of my own PAM modules. Is there any way to
implement this facility to be controlled by a directive in sshd_config. I
mean PAM calls should not be
2002 Oct 29
2
Re: pam + radius
On Tue, 2002-10-29 at 05:01, Hielke Christian Braun wrote:
> i am trying to use dovecot with pam and radius. My users have names
> in the format joe at somedomain.com. When i have pam configured to use
> the normal passwd/shadow files it works fine. With radius it does not.
> I see at the radius server that the domain part of my usernames
> is always replaced with the same domain
2002 May 22
3
Openssh still logs in while passwd is locked
>Using OpenSSH 3.1p1 on a Sun Solaris 7 box, I disabled an account using the
>'passwd -l ...' command to lock the users password. However, the user can
>still access the system via ssh. Whilst I could do other things such as
>moving their .ssh directory, removing their account home directory, etc,
>etc, is there some 'nicer' way to inform ssh that the account is now
2014 Jun 18
15
[Bug 2246] New: PAM enhancements for OpenSSH server
https://bugzilla.mindrot.org/show_bug.cgi?id=2246
Bug ID: 2246
Summary: PAM enhancements for OpenSSH server
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at
2000 Jul 03
2
2.1.1p2 HP-UX 11 PAM General Commerical Security error
Trying 2.1.1p2 on HP-UX 11 (trusted system) I get:
Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des
Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on.
Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector.
Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk"
Jul 3
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>> >Could we please have a clarification on the semantics of
>> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS?
>>
>> My interpretation is:
>>
>> You call PAM_ESTABLISH_CRED to create them
>> You call PAM_REINITIALIZE_CRED to update creds that can expire over time,
>> for example a kerberos ticket.
Oops. I meant
2006 May 03
8
[Bug 1188] keyboard-interactive should not allow retry after pam_acct_mgmt fails
http://bugzilla.mindrot.org/show_bug.cgi?id=1188
Summary: keyboard-interactive should not allow retry after
pam_acct_mgmt fails
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
2004 Nov 08
6
[Bug 951] SSH2 protocol breaks pam chroot auth
http://bugzilla.mindrot.org/show_bug.cgi?id=951
Summary: SSH2 protocol breaks pam chroot auth
Product: Portable OpenSSH
Version: 3.9p1
Platform: Other
URL: ---
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
2020 Sep 08
23
[Bug 3210] New: Confusing errors when pam_acct_mgmt() fails
https://bugzilla.mindrot.org/show_bug.cgi?id=3210
Bug ID: 3210
Summary: Confusing errors when pam_acct_mgmt() fails
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee:
2005 Jun 08
1
Possible security flaw in OpenSSH and/or pam_krb5
openssh-unix-dev at mindrot.org
kerberos at ncsa.uiuc.edu
We believe there is a security flaw in either OpenSSH and/or RedHat's pam_krb5
module. When a Kerberos principal has the REQUIRES_PWCHANGE
(+needchange) flag set, OpenSSH+pam_krb5 will still successfully
authenticate the user. Local 'su' and 'login' fail in this case which
leads us to believe it's at least