similar to: [Bug 1339] New: pam_dhkeys doesn't work ( PAM_REINITIALIZE_CRED without PAM_ESTABLISH_CRED)

http://bugzilla.mindrot.org/show_bug.cgi?id=688 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |822 nThis| | Status|NEW |ASSIGNED

OpenSSH 4.7 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

OpenSSH 4.7 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

>> >Could we please have a clarification on the semantics of >> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS? >> >> My interpretation is: >> >> You call PAM_ESTABLISH_CRED to create them >> You call PAM_REINITIALIZE_CRED to update creds that can expire over time, >> for example a kerberos ticket. Oops. I meant

http://bugzilla.mindrot.org/show_bug.cgi?id=127 Summary: PAM with ssh authentication and pam_krb5 doesn't work properly Product: Portable OpenSSH Version: 3.0.2p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

while trying to sort out the PAM incompatabilities between openssh 3.0.2p1 and solaris 8 and sun's pam_krb5 i got some things to work. i'm really not sure where the appropriate place to submit patches is so for now i'm sending them here. this patch will allow PAM interoperability when using sun's pam_krb5 without using the system login routine (this way X forwarding will

We've been having trouble with OpenSSH 2.9p2, running on Solaris 8 (a domain of an E10k), with PAM authentication turned on. It intermittently crashes with signal 11 (seg fault) after the password is entered, after the MOTD is displayed, but before control is passed over to the login shell. I eventually managed to persuade sshd's child process to consistently crash, upon entry of an

>Neither the Sun PAM documentation nor the Linux-PAM documentation >describe the semantics of PAM_REINITIALIZE_CREDS in any useful detail. I would agree it is vague, but then that is also a problem with the XSSO document (http://www.opengroup.org/onlinepubs/008329799/) >Could we please have a clarification on the semantics of >PAM_CRED_ESTABLISH vs. the semantics of

Beyond any more general questions of whether pam sessions *should* be run as root, is there an immediate security concern with moving the pam_open_session (and pam_setcred) stuff to the parent (root) process? (E.g., via the patch below.) -- Mike Stone diff -u -r1.4 auth-pam.c --- auth-pam.c 25 Jun 2002 00:45:33 -0000 1.4 +++ auth-pam.c 25 Jun 2002 20:33:41 -0000 @@ -286,6 +286,8 @@

I've attached two patches. The first just changes the output of "ssh -V" to print that it was built against rsaref if libRSAglue (which is built as part of openssl only when it is built against rsaref) is present at build-time. The second adds appropriate calls to pam_setcred() in sshd. Without them, our systems can't access AFS because the PAM modules only get tokens at a

On 2001-10-26 at 13:35:50 Nicolas Williams <Nicolas.Williams at ubsw.com> wrote: > On Fri, Oct 26, 2001 at 02:11:13PM +0200, Markus Friedl wrote: > > On Fri, Oct 26, 2001 at 10:14:21AM +1000, Damien Miller wrote: > > > On Thu, 25 Oct 2001, Ed Phillips wrote: > > > > > > > What is the reasoning behind this? Do we want to see a lastlog entry for >

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The

Hi, I'm trying to make sshd perform a keylogin on a Solaris 7 NIS+ client with PAM. ssh connects and works fine but keyserv reports that it `can't encrypt the session key'. So I think the keylogin failed or did not happen when the user started an ssh session. The following message is logged in syslog. >sshd[489]: pam_setcred: error Permission denied >sshd[506]:

We've discovered that although Winbind supports password changes when the account password is expired, this only works with *interactive* shells. This is a major problem for us. Use case 1: SSH tunnels: $ ssh user2@localhost -N -L 4711:localhost:22 user2@localhost's password: <trying to use the tunnel> channel 2: open failed: administratively prohibited: open failed As you can

https://bugzilla.mindrot.org/show_bug.cgi?id=2399 Bug ID: 2399 Summary: openssh server should fatal out when pam_setcred and pam_open_session fail Product: Portable OpenSSH Version: 6.8p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5

IT WORKS!!! I can telnet, ftp, rsh... to my Samba 3.0.1 box (Solaris 9 sparc) here is (at the end) my pam.conf (in case somebody is interested in) The trick is commenting "other accound... winbind..." string in pam.conf! My English is corrupted wnen i'm full #other account sufficient /usr/lib/security/pam_winbind.so.1 Thanks Andrew Barlett! and since now i just LOVE SAMBA

Hi I'm trying to get winbindd work with authentication for other services. Winbindd works fine in samba. I get these errors using rlogin from another server to sun10. Oct 31 08:26:11 sun10 pam_winbind[26694]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER Oct 31 08:26:11 sun10 pam_winbind[26694]: internal module error (retval = 4, user = `tommyf' Supported

I'm wondering if anyone has tried use local Solaris NSS files for root-only login VIA the console or ssh - effectively bypassing domain security to the PDC using ADS - Windows 2003 AD? I am not having a problem logging as the non-admin user. I wish to login to the root account that would not be part of the ADS domain security eventually over an ssh connection or directly to /dev/console via a

http://bugzilla.mindrot.org/show_bug.cgi?id=926 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO|994 | nThis| | ------- Additional Comments From dtucker at zip.com.au 2005-05-22 11:03 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=189 Summary: pam_setcred() failures should not be treated as fatal Product: Portable OpenSSH Version: 3.1p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org