similar to: [Bug 1396] New: When pam-authentication thread ends, it doesn' t call the function pam_end

http://bugzilla.mindrot.org/show_bug.cgi?id=1322 Summary: pam_end() is not called if authentication fails, which breaks pam-abl Product: Portable OpenSSH Version: 4.6p1 Platform: Other URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405041 OS/Version: Linux Status: NEW Severity:

http://bugzilla.mindrot.org/show_bug.cgi?id=632 Summary: PAM conversation function does not return when connection is aborted Product: Portable OpenSSH Version: 3.6.1p2 Platform: All URL: http://www.cl.cam.ac.uk/~mgk25/otpw.html#opensshbug OS/Version: Linux Status: NEW Severity: major

http://bugzilla.mindrot.org/show_bug.cgi?id=1308 Summary: pam handling change breaks pam_abl module Product: Portable OpenSSH Version: 4.6p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: bitbucket at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2548 Bug ID: 2548 Summary: Make pam_set_data/pam_get_data work with OpenSSH Product: Portable OpenSSH Version: 7.2p1 Hardware: Sparc OS: Solaris Status: NEW Severity: major Priority: P5 Component: PAM support Assignee:

http://bugzilla.mindrot.org/show_bug.cgi?id=1308 --- Comment #6 from Tom Cox <tomc at hot.rr.com> 2007-06-24 03:12:38 --- Created an attachment (id=1312) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1312) Change prevents pam_end from being called with current status. File shows problem introduced in session.c, version 1.346. -- Configure bugmail:

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The

http://bugzilla.mindrot.org/show_bug.cgi?id=419 Summary: HP-UX PAM problems with 3.5p1 Product: Portable OpenSSH Version: -current Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=688 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |822 nThis| | Status|NEW |ASSIGNED

Hallo da mein English nicht so gut ist und bei der ?bersetzung auch noch Missverst?ndnisse auftretten k?nnten, hier das Orginal :-) Das Problem ist, dass bei der Kombination openssh pam und ldap, die Verbindung zum Ldapserver so lange offen gehalten wird bis die ssh Session geschlossen wird. Das ist nur bei SSH so ! Alle andere Dienste sprechen den Server an und schliessen nach Best?ttigung des

Let me refine my previous question: > Can anyone provide some insight into why the auth-pam module uses a fork in > pthread_create (auth-pam.c)? This completely breaks the ability of one PAM function > to pass data to others via the pam_set_data/pam_get_data functions. Can anyone tell me how to #define USE_POSIX_THREADS when building --with-pam defined? The autoconfig stuff

I want to use sshd together with pam_abl to reduce that logfile spamming with ssh attacks. So the problem is as follows: Setting maxAuthTries to 0 or any other values smaller than the default of 6 changes the behaviour of pam_abl. First, but this also happens with not using maxAuthTries option, is: if the clientside closes connection after for example one failed authentication try then the

Hello list, Bug 688 is causing me a massive headache on OS X. The fact that each PAM authentication takes place in a separate process means the PAM context data isn't shared and therefore prevents the passing of data between modules. (pam_set_data, and pam_get_data) Compiling with pthreads isn't really an option because of the added security risk and the fact that some of the PAM

Hi there, Other auth modules (eg passwd-file) allow a username_format to be specified, but not the PAM module. The use-case, is where I want a static userdb configuration which takes the domain into account but still want to use PAM for authentication, eg: userdb { driver = static args = uid=8 gid=12 home=/mnt/storage/mail/vhosts/%d/%n } passdb { driver = pam args = username_format=%n

https://bugzilla.mindrot.org/show_bug.cgi?id=2712 Bug ID: 2712 Summary: Add fingerprint of key used for public key authentication to PAM handle Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5

In do_pam_cleanup_proc(), there are 3 calls to PAM: 1) pam_close_session() - do lastlog stuff 2) pam_setcred(PAM_DELETE_CRED) - delete credentials 3) pam_end() - close PAM It appears that pam_setcred() always fails with the error PAM_PERM_DENIED. This is due to a check done pam_unix.so to not allow a caller with euid 0 to even try to delete their SECURE_RPC credentials. When sshd calls

This is actually something I had on my mind to write about in the past few -stable and alpha releases, but did not get to and instead always patched myself. Now having updated to the latest snapshot (which may be released as beta1), I stumbled on it again: In src/auth/passdb-pam.c, where the client host is passed to PAM, the code looks like this: #ifdef PAM_RHOST const char *host =

Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and

I'm looking for an RPM (SRPM is OK) for pam_abl, suitable for installation on a CentOS 3.5 system. I've googled without identifying one I'm confident of. Would the one for Fedora 3 be expected to work? If not, what?

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

Hi - I just bought a xen VPS and am running CentOS 5 on it (updated to 5.2). With all my personal machines sitting at home behind a router with all ports (except for BitTorrent) closed - I had forgotten how frequent brute force ssh attacks are, but within a day, the log was loaded with them. So I did two things - I installed and configured pam_abl and I moved the ssh port to 1294 ( a >