Displaying 20 results from an estimated 500 matches similar to: "[Bug 1945] New: Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes"
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes
PAM authentication take place in a separate process or thread
(launched from sshpam_init_ctx() in auth-pam.c). By default (if you
don't define USE_POSIX_THREADS) the code "fork"s a separate process.
Or if you define USE_POSIX_THREADS it will create a new thread (a
second one, in addition to the primary thread).
The
2004 Sep 14
1
PATCH: Public key authentication defeats passwd age warning.
All,
I tried to sign up for this list a few weeks ago, but I don't think
it worked. After I confirmed my intention to be on the list, I only
got one single message from someone on the list, and that was it.
So, either this is a particularly quiet list, or my subscription
was dropped somehow just after it was made. So, if you could kindly
CC me directly on any responses to this, I sure would
2003 Sep 26
1
openssh-3.7.1p2: no pam_close_session() invocation
Hello,
I would like to use PAM. All PAM interaction worked well with openssh-3.5
Now that I have tried to upgrade to 3.7.1p1/p2 the pam_close_session()
function won't get invoked. Some debugging shows, that the call is
protected by an if-statement (module auth-pam.c, function sshpam_cleanup):
if (sshpam_session_open) {
pam_close_session(sshpam_handle, PAM_SILENT);
/* cb, 26.09.03 */
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
Hi All.
Attached is a patch that converts pam_chauthtok_conv into a generic
pam_tty_conv, which is used rather than null_conv for do_pam_session.
This allows, for example, display of messages from PAM session modules.
The accumulation of PAM messages into loginmsg won't help until there is
a way to collect loginmsg from the monitor (see, eg, the patches for bug
#463). This is because the
2003 Aug 08
0
Problem with -current on Solaris 8 + PAM?
Hi All.
Has anyone else tried the current tree on Solaris 8? I installed a
recommended patch cluster and now I get PAM errors, but only on a
non-interactive (ie no TTY) login. I think this behaviour was introduced
with the patch cluster.
First thing is that in debug mode, the debug at auth-pam.c:534 derefs tty
which is null, and segfaults. This occurs in debug mode only and is easy
to fix.
2007 May 24
2
[RFC][PATCH] Detect and handle PAM changing user name
I've implemented a patch to openssh which allows the PAM auth layer
to detect if the PAM stack has changed the user name and then adjusts
its internal data structures accordingly. (imagine a PAM stack that
uses individual credentials to authenticate, but assigns the user to
a role account).
First, is the openssh community interested in this patch?
Second, if there is interest in the patch,
2012 Sep 25
2
OpenSSH banner doesnot display multibyte characters like korean
Hello,
The banner message displayed on the screen contain octal values
instead of korean chars. Prior to ssh 5.1 the banner message would
display the charaters properly.
I understand that starting from 5.1 the message is passed through
strnvis() function.
I looked into documentation on strnvis and found that it does not
support multibyte chars and doesnt work well with international chars.
2003 Dec 07
0
[PATCH] Do PAM chauthtok via keyboard-interactive.
Hi All.
Attached is another patch that attempts to do pam_chauthtok() via SSH2
keyboard-interactive authentication. It now passes the results from the
authentication thread back to the monitor (based on a suggestion from
djm).
Because of this, it doesn't call do_pam_account twice and consequently
now works on AIX 5.2, which the previous version didn't. I haven't tested
it on any
2008 Jan 24
2
Shearing file systems on the network
I have 4 systems and each one of them has a partition I'd like to be remotely
accessible on the other 3 systems.
In other words System1 has Partition1. Systems 2,3,4 should be able to
remotely mount Partition1 from System1. Also System2 has Partition2. Then
systems 1,3,4 should be able to remotely mount Partition2 from System2 and so
on.
I tried NFS and it works but only in the ideal
2003 Nov 13
0
[PATCH] Perform do_pam_chauthtok via SSH2 keyboard-interactive.
Hi All.
Attached is a patch to perform pam_chauthtok via SSH2
keyboard-interactive. It should be simpler, but since Solaris seems to
ignore the CHANGE_EXPIRED_AUTHTOK flag, it calls do_pam_account to check
if it's expired. To minimise the change in behaviour, it also caches the
result so pam_acct_mgmt still only gets called once.
This doesn't seem to work on AIX 5.2, I don't know
2002 Mar 15
0
Permission denied
Hi,
I installed openssh3.1p1 on two IRIX test systems which have both
ipv6/v4 stack. When tried to execute ssh, it says permission denied and
it fails.
I did add --with-pam when i did configure, installed pam libraries also
on the test systems.
user1 at system1~
59 % /usr/freeware/bin/ssh user1 at system1 /usr/bin/true
user1 at system1's password:
Permission denied, please try again.
user1
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All.
This patch calls pam_chauthtok() to change an expired password via PAM
during keyboard-interactive authentication (SSHv2 only). It is tested on
Redhat 8 and Solaris 8.
In theory, it should have simply been a matter of calling pam_chauthtok
with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is
if it's expired, right? From the Solaris pam_chauthtok man page:
2006 Feb 12
1
sshd double-logging
Hi all.
As Corinna pointed out, there are some cases where sshd will log some
authentications twice when privsep=yes.
This can happen on any platform although it seems most obvious on the
ones that don't do post-auth privsep. It also occurs when sshd logs
to stderr (eg running under daemontools) or when you have a /dev/log in
the privsep chroot.
The patch below attempts to solve this for
2013 Oct 31
9
[Bug 2167] New: Connection remains when fork() fails.
https://bugzilla.mindrot.org/show_bug.cgi?id=2167
Bug ID: 2167
Summary: Connection remains when fork() fails.
Product: Portable OpenSSH
Version: 5.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2004 Dec 28
2
LinuxPAM and sshd: changing conversation function doesn't work but claims to.
Hi.
I'm one of the OpenSSH developers, and I've done some of the work on
sshd's PAM interface recently.
I've discovered some behaviour peculiar to LinuxPAM that I can't
explain: changing the conversation function does not appear to work,
even though the pam_set_item() call claims to succeed. The previous
conversation function is still called.
Background: the PAM API
2010 May 11
1
asterisk-users Digest, Vol 70, Issue 24
Yes this scenario works on my 2 systems which are at LAN. I made one system
as server (192.168.0.20) and registered from other system... it is fine but
now there is a different scene.
actually there is a registered user named abc at system1 (192.168.0.20)
having context [payasyougo] which is used to do outbound calls. we want to
use this user's context and account so that when we register
2012 Nov 02
3
lctl ping of Pacemaker IP
Greetings!
I am working with Lustre-2.1.2 on RHEL 6.2. First I configured it
using the standard defaults over TCP/IP. Everything worked very
nicely usnig a real, static --mgsnode=a.b.c.x value which was the
actual IP of the MGS/MDS system1 node.
I am now trying to integrate it with Pacemaker-1.1.7. I believe I
have most of the set-up completed with a particular exception. The
"lctl
2013 Jul 19
1
--fake-super locally?
I'm rsyncing files on system1 to its external HD. system2 is remote
and pulls those files from the external HD. system2 does not have
root privileges on system1 so I chown the files to pull. Can I
somehow use --fake-super or something similar to save the original
ownership info to ACLs?
- Grant
2010 Jul 16
8
[Bug 1799] New: Unable to login through PAM on Solaris 8 x86 due to PAM_TTY
https://bugzilla.mindrot.org/show_bug.cgi?id=1799
Summary: Unable to login through PAM on Solaris 8 x86 due to
PAM_TTY
Product: Portable OpenSSH
Version: 5.5p1
Platform: ix86
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo:
2020 Mar 11
6
[PATCH 0/1] *** SUBJECT HERE ***
Hi,
sifting through my system's logs, I noticed many break-in attempts by
rogue ssh clients trying long lists of common passwords. For some time
now I pondered different approaches to counter these, but could not come
up with a solution that really satisfied me.
I finally reached the conclusion that any countermeasures required
support in sshd itself, and created the attached patch. If