similar to: [Bug 1241] Connections to Tru64 hosts hang when password is expired.

https://bugzilla.mindrot.org/show_bug.cgi?id=1241 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #1194| |ok? Flag| |

https://bugzilla.mindrot.org/show_bug.cgi?id=1241 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|1452 |1560 --- Comment #7 from Darren Tucker <dtucker at zip.com.au> 2009-07-31 10:12:10 --- OK, well

http://bugzilla.mindrot.org/show_bug.cgi?id=1241 Summary: Connections to Tru64 hosts hang when password is expired. Product: Portable OpenSSH Version: 4.4p1 Platform: Alpha OS/Version: OSF/1 Status: NEW Keywords: patch Severity: normal Priority: P2 Component: sshd

Hi All. There have recently (well, today :-) been changes to OpenSSH Portable's auth-passwd.c from OpenBSD to accomodate forced changes of expired passwords. (Rabid password expirers shoulon't get excited yet, it's currently bsdauth only, but support for other platforms should start trickling in shortly). As part of that, some individual platforms have gained their own

http://bugzilla.mindrot.org/show_bug.cgi?id=802 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |821 nThis| | Summary|sshd of openssh-3.8p1 |sshd configured with SIA

I am just looking for a quick answer as to whether or not OpennSSH is compatible with Digital Unix Tru64 v 4.0F. Hing Fei Wong Systems Engineer Building 100, M1309 Valley Forge, PA Admin # 4-6242 -----Original Message----- From: Darren Tucker [mailto:dtucker at zip.com.au] Sent: Friday, June 23, 2006 3:53 AM To: Wong, Hing Fei Cc: www at openbsd.org Subject: Re: OpenSSH compatibility with

Well, I had just finally gotten around to downloading a snapshot to test the latest on Tru64 a couple of days ago but hadn't had a chance to build it yet, and 3.7p1 has now been released. Sigh. The problem is that Tru64 setreuid() and setregid() are broken, so privsep doesn't work. This could also be a security problem for SIA authentication in general (any version of OpenSSH on Tru64,

I think I'm ready with the SIA (Security Integration Architecture) patches for Tru64 UNIX. All of the code was written by Tom Woodburn, an engineer at Compaq. I've only performed integration and testing of the patches with more help from Tom. Tom's original patches were included in the "other" ssh. We'd both like to see SIA support get into OpenSSH. SIA provides PAM-like

Here is a long-overdue (sorry about that) patch for Tru64. It is pretty minor mostly (minor formatting and removal of a couple of unneeded calls), and it disables post-auth privsep (so that OpenSSH will work "out of the box" on Tru64, avoiding the many questions). I'm also looking at getting setproctitle working. For Tru64 4.x, it isn't a big deal (normal PS_USE_CLOBBER_ARGV

I have "PermitRootLogin no" in my sshd_config, but under Tru64 and SIA, the root login attempts still get passed to the SIA system (so I get lots of warnings about failed root logins). On systems with a "max failed attempts" setting, the root account can be locked out this way. I started looking at the code, and I'm not sure I understand what I see. In auth-passwd.c,

I have recently written a (minimal) Tru64 Unix SIA password module for Dovecot as part of testing a Dovecot installation. Has anyone else written a Tru64 Unix SIA module? Is anyone else interested in such a module? If so, how might I/we go about getting this/such a module into the main Dovecot source? Thanks -- Simon L Jackson Carringbush.Net +- Carringbush.Net Hosting * Development *

Hi- Under privsep, I experimented with moving the session_setup_sia() out of do_child() and into do_setusercontext(), which is where the uids/gids are set to the final execution user. The call is made with a NULL tty, and this is functional provided that any later pty allocation uses grantpty() to set the device permissions. Logging in with this method shows that a utmp entry does get made for

What do we loose by not having post-auth privsep? What code is executed between authorization and actual setting of the effective uid? On Tue, 3 Sep 2002, Chris Adams wrote: > Once upon a time, Toni L. Harbaugh-Blackford <harbaugh at nciaxp.ncifcrf.gov> said: > > It appears that the integration of the sia session setup will either > > have to be rethought or abandoned

Ok.. I need wider testing for this. I'm getting reports back it works mostly. 'ssh site ls' fails, but they can login with Privsep enbled. Can I get those who are using Tru64 or OSF/1 that have SIA enabled to test? This should apple to either -cvs or the current snapshot (I would perfer not to use 3.4p1 due to bugs). I'm going on a trip next week and will be around very spotty

Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I haven't been able to figure out what changed in the code, but the symptom seems to be that the TTY name being registered with SIA is truncated to eight characters. This apparently prevents it from matching with entries in the tty database, and the dreaded "Cannot obtain database information on this terminal

Either this never made it to the list or no one cares about Tru64. This is the last time I'll send this patch to the list. If no one steps up and finishes it or provides me with enough information to fix any remaining bugs (one being complaint that 'ssh site cmd' does not work right). If there is no activity on this for a week. I'll post it to bugzilla and will ignore any

1) Testing of uidswap.c on a Tru64 UNIX V4.0G PK4 (BL22) machine shows the following defines to be required for correct uid changing semantics: #define BROKEN_SETREGID 1 #define BROKEN_SETREUID 1 #define SETEUID_BREAKS_SETUID 1 Failure to fix these contributes to breaking privilege separation (in a safe way: connections will fail while UsePrivilegeSeparation=yes, thanks to

http://bugzilla.mindrot.org/show_bug.cgi?id=802 Summary: sshd of openssh-3.8p1 doesn't link on Tru64. Product: Portable OpenSSH Version: 3.8p1 Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org

I'm working on adding SIA authentication support to OpenSSH for use on Tru64 UNIX. The authentication bits are working but there's more work to be done including checking for locked accounts and setting resource limits. Anyway, most things seem to be working fine except for scp and I'm looking for a little help. Here's some output: % scp -v lopan:sl.tar . Executing: host lopan,

https://bugzilla.mindrot.org/show_bug.cgi?id=1007 --- Comment #16 from Darren Tucker <dtucker at zip.com.au> 2008-01-01 04:57:07 --- Created an attachment (id=1431) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1431) Make ssh-rand-helper close all fds above STDERR Random thought: I wonder if some commands are making unwarranted assumptions about the descriptors they inherit?