similar to: [Bug 445] User DCE Credentials do not get forwarded to child session

http://bugzilla.mindrot.org/show_bug.cgi?id=445 Summary: User DCE Credentials do not get forwarded to child session Product: Portable OpenSSH Version: 3.4p1 Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at

http://bugzilla.mindrot.org/show_bug.cgi?id=445 ------- Additional Comments From djm at mindrot.org 2003-05-15 21:39 ------- I am not sure I understand (my Kerberos knowledge isn't so great): We already set this for Krb5 auth: #ifdef KRB5 if (s->authctxt->krb5_ticket_file) child_set_env(&env, &envsize, "KRB5CCNAME", s->authctxt->krb5_ticket_file);

http://bugzilla.mindrot.org/show_bug.cgi?id=445 ------- Additional Comments From simon at sxw.org.uk 2003-05-21 00:49 ------- The existing code only handles the situation where Kerberos credentials are created by the OpenSSH's krb5 code. What would appear to be happening under OSF/1 is that one of the calls used to verify the users login is, as a by-product, creating the credentials

http://bugzilla.mindrot.org/show_bug.cgi?id=445 ------- Additional Comments From djm at mindrot.org 2003-01-07 12:20 ------- The attached patch has been corrupted - please attach it (in "diff -u" format) to the bug using the "Create Attachment" link ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hi, I have a Debian Stretch computer which is a "samba4 member server" of an Samba4 AD domain (versions etc. are mentioned at the end of the message). I think my config is OK and I can open a _graphical_ session with an AD account user. The display manager of the computer is Lightdm. For for instance, I can open a graphical session with the AD account bob (uid == 14001). In this case, I

http://bugzilla.mindrot.org/show_bug.cgi?id=757 Summary: KRB5CCNAME inherited from root's environment under AIX Product: Portable OpenSSH Version: -current Platform: PPC OS/Version: AIX Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

I?ve stumbled across a rather obscure problem with ssh. My machine is setup to use Kerberos authentication, i.e., I use the pam_krb5 module in the ssh auth section of the PAM configuration file and I have sshd compiled to accept valid Kerberos 5 tickets as well. I also use OpenAFS, so I?ve got the pam_openafs_session module in the ssh session section of the PAM configuration file. Everything

Greetings, I'm working on the infrastructure of a medium size client/server environment using an Active Directory running on Windows Server 2003 for central authentication of users on linux clients. Additionally OpenAFS is running using Kerberos authentication through Active Directory as well. Now I want to grant users remote access to their AFS data by logging in into a central OpenSSH

Hello All, I have run into a situation where a user exiting from a PAM_KERBEROS-authenticated session runs the risk of deleting a kinit-generated credentials file that was already sitting on the server. I will explain the problem in detail, but let me begin with my question. It has a specific reference to PAM_KERBEROS, but it can also be a general question. If a user (ssh) session was

I believe there is a bug in how AIX handles the KRB5CCNAME environment variable. The symptom occurs when a root user restarts sshd while they have KRB5CCNAME set; all of the resulting client connections will inherit the same KRB5CCNAME variable. This can occur if the admin uses 'ksu' or some other kerberized method of obtaining root privileges. Investigating this problem, I stumbled

Hi guys While debugging a GSSAPI memory allocation problem not related to OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following: In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls

https://bugzilla.mindrot.org/show_bug.cgi?id=1601 Summary: Memory leak caused by forwarded GSSAPI credential store Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at

Hello, I am using OpenSSH-3.8p1 on HP-UX machine with USE_POSIX_THREADS option. This is for making the kerberos credentials file to be created in the system with PAM. In OpenSSH versions 3.5 when authentication is done with pam kerberos, a /tmp/krb5cc_X_Y file is created on the server side. But the KRB5CCNAME variable is not set by default. So, after we manually set this environment variable, the

Hi Guys- We are a group involved in a project to move an application from Windows to AIX, and part of the application involves reading OSF DFS shares, and making the filesystem available to Windows machines through SAMBA. The conversion of the application has gone well, but it is our first time using SAMBA and I have some questions that hopefully are not too dumb, and if they are, we would gladly

http://bugzilla.mindrot.org/show_bug.cgi?id=914 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- BugsThisDependsOn| |971 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=560 Summary: Privsep child continues to run after monitor killed. Product: Portable OpenSSH Version: -current Platform: ix86 URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=164797 OS/Version: Linux Status: NEW Severity: normal Priority: P2

http://bugzilla.mindrot.org/show_bug.cgi?id=757 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #498 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2003-12-23 00:44 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=918 Summary: ssh_gssapi_storecreds called to late to be usable by PAM in sesion.c Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=1053 ------- Additional Comments From dtucker at zip.com.au 2005-07-14 13:51 ------- Created an attachment (id=938) --> (http://bugzilla.mindrot.org/attachment.cgi?id=938&action=view) only send messages from monitor on pam_account account failure This is one way to fix this. There might be a tidier way... ------- You are receiving this

http://bugzilla.mindrot.org/show_bug.cgi?id=261 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OS/Version|other |AIX ------- Additional Comments From dtucker at zip.com.au 2002-06-06 21:22 ------- I finally got a chance to try this. I got compile