similar to: OpenSSH-1.12pre17: PATCH: Red Hat PAM limits

Hi all. It's nice to see that AIX support (unintentionally?) is getting better and better. :) Attached is a patch against pre14 that fixes AIX support. All that is left, basically, is a replacement for the /dev/urandom way of getting entropy. ... A completely different thing... how about DCE support? I was thinking of adding some dce code to sshd that: 1. Attaches credentials based on

Can anyone using PAM and rsa-rhosts authentication replicate this? Damien -------------- next part -------------- An embedded message was scrubbed... From: Adrian Baugh <adrian at merlin.keble.ox.ac.uk> Subject: Serious Bug Report: OpenSSH Date: Wed, 1 Dec 1999 02:38:56 +0000 (GMT) Size: 3926 Url:

Howdy, The string of notices on BugTraq about RSAref being vulnerable to overflows has me concerned. After trying to sort through all the messages, I can't figure out whether I need to update OpenSSL (a check of their website indicates no new patches), OpenSSH, both, or neither. I am aware there is no known exploit for it yet. I could be a bad boy and just run all

Howdy, It seems that as of 1.2pre15, ssh-add no longer looks for ssh-askpass in the usual place. (I noticed this both in the source code, ssh-add.c, and to some degree in the ChangeLog.) If you're like me and keep ssh-add in your Autostart folder in KDE, chances are upgrading to 1.2pre15 will result in no longer getting the nice Gnome widget we've come to know and love when

Attached is a spec file for OpenSSH on SuSE 6.4 and 7.0 systems. It differs from the current spec file in the following details: - Only one rpm file is created containing client and server files. - PreReq `openssl-devel' is changed to `openssl'. - Path '/usr/libexec/ssh' is changed to '/usr/lib/ssh' for ssh-askpass and gnome-ssh-askpass. The resulting

Howdy, It seems that even when specifying the --with-tcp-wrappers configure flag, the LIBWRAP define in config.h never gets #define'd and -lwrap never gets added to LIBS in the Makefile. To make sure I wasn't dealing with a stale configure file, I ran autoconf on configure.in to roll a new configure. I also don't see anything wrong with the --with-tcp-wrappers defined in

Howdy, Well, I finally made it through a complete build of OpenSSH on Solaris 7/x86. I've included a few notes below. Most of them are either simple enough or too complex (i.e. I'm not sure how to do it without breaking other platforms) to generate patches for here. 1) _PATH_DEVNULL, _PATH_UTMP and _PATH_WTMP aren't defined anywhere, since Solaris doesn't appear

Howdy, The following patch should be applied if you're building a SuSE-style RPM with the spec file included in the pre15 tarfile. I've made some changes since the copy that went out with pre15, and I've been a little lax in sending the updates up. Namely, one of the fixes includes not making symlinks part of the package itself. They are now done with a postinstall

> We are trying to have linux authenticate to linux server running samba > 3.0. We have the XP Pro, 6.2 redhat, and 7.3 redhat machines. They all > authenticate to the linux server but we are having problems with blank > passwords or the user can type any password. We are using pam modules for > the authentication on the client machines. > I have included the config files for

> -----Original Message----- > From: Reed, Tameika > Sent: Monday, November 17, 2003 5:56 PM > To: 'samba@lists.samba.org' > Subject: Samba PDC trying rid null logins > > > > > We are trying to have linux authenticate to linux server running samba > 3.0. We have the XP Pro, 6.2 redhat, and 7.3 redhat machines. They all > authenticate to the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just uploaded 1.2.1pre22 to: http://violet.ibs.com.au/openssh/files/ This release consists of portability fixes and cleanups. It also resolves two issues which may have caused security problems - If you OS header files did not define PATH_STDPATH, then an unsafe path was used by default (it contained an implicit '.'). Thanks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just uploaded 1.2.1pre22 to: http://violet.ibs.com.au/openssh/files/ This release consists of portability fixes and cleanups. It also resolves two issues which may have caused security problems - If you OS header files did not define PATH_STDPATH, then an unsafe path was used by default (it contained an implicit '.'). Thanks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just uploaded openssh-1.2pre16 to: http://violet.ibs.com.au/openssh This is mainly a bugfix release, it should fix some of the recurrent compile problems that have been reported to the mailing list and to me (the __P() stuff on Solaris for example). Full changelog: 19991207 - sshd Redhat init script patch from Jim Knoble <jmknoble at

Hi, I have recently upgraded from OpenSSH-3.5 to OpenSSH-3.8 on my Red Hat 6.2 servers. I use radius (pam_radius_auth) for ssh authentication. Since the upgrade ssh1 (putty 0.52) logins are failing. I've come to the conclusion that pam is skipping the radius section of the config file and is falling back to standard unix authentication. Is there any way of making ssh1 work with radius on

Hi, I have an auth module for PAM that I wrote a few years ago called pam_vsd.so. The idea is that a user must have a certain privilege before they can successfully authenticate. Without the privilege the PAM module will return PAM_PERM_DENIED. However I find that in OpenSSH 3.7.1p2, I can easily subvert this check simply by hitting return 3 times on connection i.e. [nick at localhost

Hello Andrew, I'm a little stuck with my login authentication for my Samba 3 box. With the new features in Samba 3 - Should I be able to provide username@domain & password at login that would authenticate me against our W2K ADS PDC and obtain my kerberos ticket? Please advise on the suggested way to authenticate against our Active Directory domain at login if I'm way off base on

Attached is a small patch that should fix most of the problems reported. I am adding a recommendation to use GNU make to the INSTALL document. Regards, Damien -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work) -------------- next part -------------- Index:

I just spent some time trying to figure out how to get OpenSSH to work correctly with NIS and PAM. It seems to work fine, apart from one minor worry I still have (see below). Feedback about grave security risks are welcome :) This is using RedHat 6.1 with updates and the OpenSSH 1.2.2p1-1 RPM's on the NIS server as well as the client. In short, my configuration is: /etc/nssswitch.conf:

Hello, I'm trying to get Winbind to authenticate users that don't have local accounts on a SAMBA BDC. I have (3) BDCs (1) PDC running OpenLDAP 2.1.23 pass backend and Samba 3.0. These are on RedHat 8.0 systems. 3 BDC are also slave LDAP and 1 master directory server on the PDC. I went through the Samba documentation CH21 and made modifications to the BDCs and PDC as follows:

On May 1st, Chuck Sullivan posted the following: https://listman.redhat.com/pipermail/k12osn/2003-March/007755.html No mention was made of /etc/pam.d/passwd, which is what I think we need to set to enable a user to change their domain password. Our current settings are: /etc/pam.d/passwd: #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth auth sufficient