similar to: [Bug 1298] Use of Allow/DenyGroups leads to slow login

http://bugzilla.mindrot.org/show_bug.cgi?id=1298 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au --- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2007-05-20 16:59:07 ---

http://bugzilla.mindrot.org/show_bug.cgi?id=999 Summary: AllowGroups ,DenyGroups failed to report hostname Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

https://bugzilla.mindrot.org/show_bug.cgi?id=2292 Bug ID: 2292 Summary: sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups should actually tell how the evaluation order matters Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW

https://bugzilla.mindrot.org/show_bug.cgi?id=1690 Summary: AllowUsers and DenyGroups directives are not parsed in the order specified Product: Portable OpenSSH Version: 5.3p1 Platform: ix86 OS/Version: Linux Status: NEW Keywords: patch Severity: trivial Priority: P2 Component:

Hi! I have a setup with several Linux machines running samba-3.0.22-10.1.17 (from SuSE 10 OSS), authenticating against an AD. Since one of the machines is exporting an NFS share mounted by the rest of the machines, I need SID <-> uid/gid mapping to be shared between all Linux machines, which led me into using an OpenLDAP server as idmap backend. My smb.conf is found at the end of this mail.

Hi! I'm trying to convert my tdb-based idmap mapping to a LDAP-based one. This generally works as intended, with one exception - the highest uidNumber/gidNumber in use is not transferred, and this causes duplicate use of the same uid/gidNumber. Here's what I'm doing: 1) net idmap dump /var/cache/samba/winbindd_idmap.tdb > idmap.dump 2) Set idmap backend in smb.conf to

Hi, I ran across a case in which my server maintenance was simplified by using SSHD configuration options like this in sshd_config: AllowGroups admin at 192.168.0.* sshuser in much the same fashion as (Allow|Deny)Users. In this case, the goal is to provide access to administrators only from the local network, while allowing SSH users to login from anywhere. This (IMHO) simplifies access

I smacked into this previously reported bug today whereby an invalid keyword in the Match{} stanza did not throw an error on configuration reload. Are there any plans to fix this? Likewise the penchant for some fields to be comma separated and others to be spaces is just asking for mistakes. Why not support both and be done with it? There was no response (that I saw in the archives) to this post

https://bugzilla.mindrot.org/show_bug.cgi?id=2391 Bug ID: 2391 Summary: Enhance AllowGroups documentation in man page Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee:

Markus, ignore the other stuff I sent.. I need to go back to bed and stop trying to code.. <sigh> For everone else.. Will this make everyone happy? This does the follow. it will always honor AllowUsers. If there is no Allow/DenyGroups it stated they are not in allowUsers. IF there are AllowDenyGroups it tries them. And then stated they are not in either AllowUsers nor AllowGroups

https://bugzilla.mindrot.org/show_bug.cgi?id=3193 Bug ID: 3193 Summary: Add separate section in sshd_config man page on Access Control Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

OpenSSH 4.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or

OpenSSH 4.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or

Hi all, this is a patch to make Ciphers, MACs and KexAlgorithms available in Match blocks. Now I can reach a -current machine with some Android terminal app without changing the default ciphers for all clients: Match Address 192.168.1.2 Ciphers aes128-cbc MACs hmac-sha1 KexAlgorithms diffie-hellman-group-exchange-sha1 Index: servconf.c

The primary purpose of the attached patches is for portable OpenSSH to support changing expired passwords as specified in shadow password files. To support that, I did a couple enhancements to the base OpenBSD OpenSSH code. They are: 1. Consolidated the handling of "forced_command" into a do_exec() function in session.c. These were being handled inconsistently and allocated

http://bugzilla.mindrot.org/show_bug.cgi?id=1315 Summary: Match Group does not support negation Product: Portable OpenSSH Version: 4.6p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: wknox at

Hey everyone, After discussing the AllowGroups I think I've discovered a bug. The system is a solaris 8 system and the problem is that when I use AllowGroups with no AllowUsers args, the proper actions happen. Same with AllowUsers and no AllowGroups. When I try to combine the two, none of the Allow directives seem to take. Is it just me or maybe a bug? -James

Hello all, At my current job the time has come to unify our LDAP infrastructure into one tree (preferably). The basics are working but we are not sure how to restrict which users can log into which machines. What we would like is for everyone in the (for example) "infra" group to log into all machines while people in the "development" group can only log into development

Hi Folks, I'm trying to run samba on Solaris 9. It works OK when I don't compile in kerberos and ldap, but when with those two compiled in, smbd seems to freeze (nmbd and winbindd are OK). After a bit of investigation I notice something strange in truss: ... /1@1: -> libldap-2.3:ldap_free_urldesc(0x30dfe8, 0x32e048, 0x32dfb8, 0x3 /1@1: ->

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2