Displaying 20 results from an estimated 60000 matches similar to: "[Bug 445] User DCE Credentials do not get forwarded to child session"
2002 Nov 26
0
[Bug 445] New: User DCE Credentials do not get forwarded to child session
http://bugzilla.mindrot.org/show_bug.cgi?id=445
Summary: User DCE Credentials do not get forwarded to child
session
Product: Portable OpenSSH
Version: 3.4p1
Platform: Alpha
OS/Version: OSF/1
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-unix-dev at
2003 May 15
1
[Bug 445] User DCE Credentials do not get forwarded to child session
http://bugzilla.mindrot.org/show_bug.cgi?id=445
------- Additional Comments From djm at mindrot.org 2003-05-15 21:39 -------
I am not sure I understand (my Kerberos knowledge isn't so great):
We already set this for Krb5 auth:
#ifdef KRB5
if (s->authctxt->krb5_ticket_file)
child_set_env(&env, &envsize, "KRB5CCNAME",
s->authctxt->krb5_ticket_file);
2003 May 20
2
[Bug 445] User DCE Credentials do not get forwarded to child session
http://bugzilla.mindrot.org/show_bug.cgi?id=445
------- Additional Comments From simon at sxw.org.uk 2003-05-21 00:49 -------
The existing code only handles the situation where Kerberos
credentials are created by the OpenSSH's krb5 code. What would appear
to be happening under OSF/1 is that one of the calls used to verify
the users login is, as a by-product, creating the credentials
2003 Jan 07
1
[Bug 445] User DCE Credentials do not get forwarded to child session
http://bugzilla.mindrot.org/show_bug.cgi?id=445
------- Additional Comments From djm at mindrot.org 2003-01-07 12:20 -------
The attached patch has been corrupted - please attach it (in "diff -u" format)
to the bug using the "Create Attachment" link
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2017 Apr 11
0
Good practices to make a Kerberos "mount.cifs" launched by root but with the credentials of another user
Hi,
I have a Debian Stretch computer which is a "samba4 member
server" of an Samba4 AD domain (versions etc. are mentioned
at the end of the message). I think my config is OK and I
can open a _graphical_ session with an AD account user. The
display manager of the computer is Lightdm. For for instance,
I can open a graphical session with the AD account bob (uid
== 14001). In this case, I
2003 Nov 12
2
[Bug 757] KRB5CCNAME inherited from root's environment under AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=757
Summary: KRB5CCNAME inherited from root's environment under AIX
Product: Portable OpenSSH
Version: -current
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
2005 May 12
2
Problems with PAM environments in ssh
I?ve stumbled across a rather obscure problem with ssh. My machine is
setup to use Kerberos authentication, i.e., I use the pam_krb5 module in
the ssh auth section of the PAM configuration file and I have sshd
compiled to accept valid Kerberos 5 tickets as well. I also use OpenAFS,
so I?ve got the pam_openafs_session module in the ssh session section of
the PAM configuration file.
Everything
2005 Nov 27
3
OpenSSH and Kerberos / Active Directory authentication problems: Credentials cache permission incorrect / No Credentials Cache found
Greetings,
I'm working on the infrastructure of a medium size client/server
environment using an Active Directory running on Windows Server 2003 for
central authentication of users on linux clients.
Additionally OpenAFS is running using Kerberos authentication through
Active Directory as well.
Now I want to grant users remote access to their AFS data by logging in
into a central OpenSSH
2005 Jun 29
3
sshd deletes the GSSAPI ticket on exit
Hello All,
I have run into a situation where a user exiting from a
PAM_KERBEROS-authenticated session runs the risk of deleting a
kinit-generated credentials file that was already sitting on the server. I
will explain the problem in detail, but let me begin with my question. It
has a specific reference to PAM_KERBEROS, but it can also be a general
question.
If a user (ssh) session was
2003 Nov 11
1
AIX KRB5CCNAME problem
I believe there is a bug in how AIX handles the KRB5CCNAME environment
variable. The symptom occurs when a root user restarts sshd while they
have KRB5CCNAME set; all of the resulting client connections will inherit
the same KRB5CCNAME variable. This can occur if the admin uses 'ksu' or
some other kerberized method of obtaining root privileges.
Investigating this problem, I stumbled
2009 May 23
2
Memory leak caused by forwarded GSSAPI credential store
Hi guys
While debugging a GSSAPI memory allocation problem not related to OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following:
In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls
2009 May 23
7
[Bug 1601] New: Memory leak caused by forwarded GSSAPI credential store
https://bugzilla.mindrot.org/show_bug.cgi?id=1601
Summary: Memory leak caused by forwarded GSSAPI credential
store
Product: Portable OpenSSH
Version: 5.2p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at
2004 May 04
3
Error with USE_POSIX_THREADS and OpenSSH-3.8p1
Hello,
I am using OpenSSH-3.8p1 on HP-UX machine with USE_POSIX_THREADS option.
This is for making the kerberos credentials file to be created in the system
with PAM. In OpenSSH versions 3.5 when authentication is done with pam
kerberos, a /tmp/krb5cc_X_Y file is created on the server side. But the
KRB5CCNAME variable is not set by default. So, after we manually set this
environment variable, the
2004 Apr 08
0
Some basic questions about accessing DFS/DCE shares with SAMBA 3.0
Hi Guys-
We are a group involved in a project to move an application from Windows
to AIX, and part of the application involves reading OSF DFS shares, and
making the filesystem available to Windows machines through SAMBA. The
conversion of the application has gone well, but it is our first time
using SAMBA and I have some questions that hopefully are not too dumb,
and if they are, we would gladly
2005 Jan 11
11
[Bug 914] [RELENG] Bugs planned to be fixed *after* 3.9
http://bugzilla.mindrot.org/show_bug.cgi?id=914
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
BugsThisDependsOn| |971
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2003 May 12
3
[Bug 560] Privsep child continues to run after monitor killed.
http://bugzilla.mindrot.org/show_bug.cgi?id=560
Summary: Privsep child continues to run after monitor killed.
Product: Portable OpenSSH
Version: -current
Platform: ix86
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=164797
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
2003 Dec 23
5
[Bug 757] KRB5CCNAME inherited from root's environment under AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=757
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #498 is|0 |1
obsolete| |
------- Additional Comments From dtucker at zip.com.au 2003-12-23 00:44 -------
2004 Aug 23
8
[Bug 918] ssh_gssapi_storecreds called to late to be usable by PAM in sesion.c
http://bugzilla.mindrot.org/show_bug.cgi?id=918
Summary: ssh_gssapi_storecreds called to late to be usable by PAM
in sesion.c
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo:
2005 Jul 14
1
[Bug 1053] The nonquery messages from PAM account aren't forwarded to user (privsep)
http://bugzilla.mindrot.org/show_bug.cgi?id=1053
------- Additional Comments From dtucker at zip.com.au 2005-07-14 13:51 -------
Created an attachment (id=938)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=938&action=view)
only send messages from monitor on pam_account account failure
This is one way to fix this. There might be a tidier way...
------- You are receiving this
2002 Jun 06
9
[Bug 261] AIX capabilities + port-aix.c cleanup
http://bugzilla.mindrot.org/show_bug.cgi?id=261
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OS/Version|other |AIX
------- Additional Comments From dtucker at zip.com.au 2002-06-06 21:22 -------
I finally got a chance to try this. I got compile