Displaying 20 results from an estimated 5000 matches similar to: "Letting PAM add a user"
2001 May 01
0
problem with PAM coding, openssh-2.5.2p2
Howdy coders,
in openssh-2.5.2p2,
auth1.c, do_authentication()
you folks do a call to getpwnam(user)
If this fails, you NULL out 'pw'
Unfortunately, this stops start_pam() from being called at all.
I'm not a PAM API expert, but I was under the impression that there are pam
API calls you should be making for account verification, in PARALLEL to
getpwnam(), rather than being
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
Hello,
appended is a patch that makes it possible to use PAM both for
password authentication and TIS (i.e. s/key or opie or any other
interactive challenge/response scheme). I have developed this starting
from the patch at http://www.debian.org/Bugs/db/61/61906.html on
Debian with openssh-2.1.1p4-3. After configuring ssh with
--with-pam-tis, there are two PAM services, "sshd" and
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=118
Summary: Implement TIS (protocol 1) via PAM
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: fcusack at
2004 Jan 25
1
Puzzled about PAM support in OpenSSH-3.7.1p2
I'm trying to understand the code around PAM support in auth2.c and
auth2-chall.c. I'm working with the OpenSSH 3.7.1p2 sources on
FreeBSD 4.x. The scenario I'm trying to make work is SSH login to a
captive account for users in a RADIUS database but whose login does not
appear in /etc/passwd or getpwnam().
I understand that if the username is not found in getpwnam(), then the
2001 Feb 12
1
pam protocol 1 fix
is this ok?
symptom is:
debug1: Starting up PAM with username "stevesk"
debug1: Trying to reverse map address 127.0.0.1.
debug1: PAM setting rhost to "localhost"
debug1: Attempting authentication for stevesk.
debug1: PAM Password authentication for "stevesk" failed[9]: Authentication failed
Failed rsa for stevesk from 127.0.0.1 port 49568
Index: auth1.c
2004 Jul 01
4
[Bug 559] PAM fixes
http://bugzilla.mindrot.org/show_bug.cgi?id=559
------- Additional Comments From dtucker at zip.com.au 2004-07-01 13:40 -------
(From update of attachment 292)
OK, except for the last bit, I think this is all done.
>+#ifdef USE_PAM
>+ options.permit_empty_passwd &&
>+#endif
This is done in auth-passwd.c:
if (*password == '\0' &&
2002 Dec 05
1
patch to add a PAMServiceName config option
I append a patch against openssh-3.5p1.tar.gz which adds a config option
PAMServiceName. The option allows one to specify the PAM service at
runtime in the config file rather than using __progname or having it
hardwired to SSHD_PAM_SERVICE at compile time. I expect this to be useful
if one wants to run multiple instances of sshd using different PAM
configurations.
With this patch
2003 Aug 26
1
Locked account checks and PAM
Hi All.
I (actually the tinderbox[1]) found a problem with the fix for bug #422:
when PAM is enabled on a platform that uses /etc/shadow, the variable
"passwd" in auth.c is used uninitialized.
There's a simple patch attached to fix this.
The question is: should the locked account test be done when PAM is
enabled or should we rely on PAM to do the right thing? In theory they
2003 May 07
1
3.6.1p2, Spurious PAM failure messages WITH "PermitEmptyPasswords no", and a (micro) fix
Hi,
after installing 3.6.1p2 I noticed spurious PAM login failures
even with PermitEmptyPasswords set to "no":
sshd(pam_unix)[1740]: authentication failure; logname=XXX uid=0 euid=0
tty=NODEVssh ruser= rhost=localhost user=XXX
After looking at the code I noticed the following in the portability p2
patch:
+++ openssh-3.6.1p2/auth-passwd.c 2003-04-29 19:12:08.000000000 +1000
2001 Nov 01
1
Sol 2.8 - Samba 222- --with-pam compile errors
Hi
I'm attempting to compile samba 222 on Solaris 2.8 using Sun Forte 6 C
compiler but I'm getting error messages.
I used the following sequence of commands:
setenv CC cc
./configure --prefix=/usr/local/samba.22 --with-acl-support --with-pam
--with-pam_smbpass --with-syslog
make
See messages below:
================================================================
..........
2000 Oct 07
0
OpenSSH changes for BSD/OS
The following are patches against openssh 2.1.1p4 to add
support for the BSD_AUTH authentication mechanisms. It allows the
use of non-challenge/response style mechanisms (which styles are
allowed may be limited by appropriate auth-ssh entries in login.conf).
The patches also add support for calling setusercontext for the
appropriate class when called with a command (so that the PATH, limits,
2000 Jul 02
1
A error in auth.c of openssh-2.1.1p2 port on systems with a mixture of shadowed and non-shadowed passwords and Japanese Translations.
Hi.
I have found an error of
openssh-2.1.1p2 port on systems
with a mixture of shadowed and non-shadowed passwords.
I reported the same type of error to Mr. Miller
when openssh-1.2.1pre23 was released.
On our systems,
our local machines have shadowed /etc/passwd (and /etc/shadow)
and our NIS server distributes non-shadowed password
of general users.
We have to use
2002 May 21
1
PAM/winbindd/smb_pass/pam_smb_auth/smb_ntdom to authenticate SSH
Hello,
I'm currently running winbind (from Samba 2.2.3a) so that our
Windows users can ssh into our Linux box. I've set up Samba,
PAM and winbind, and it's working well. Users can see their
files, and they can log in using their windows usernames. No
problem.
When users access their Samba share, they don't need
to reauthenticate, because they've already done so with
the
2001 Feb 10
1
[PATCH] Tell PAM about remote host earlier
I was browsing the OpenSSH sources (which are very readable, thank you
very much) and noticed that PAM was only being told what host the user
is logging in from for account processing - not for password
processing. As I can see no reason not to put this in start_pam this is
exactly what I have done - and attached a patch to this effect.
This allows PAM to fill in rhost= in its audit messages
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's
authentication library. However, BSDI's patches have several
problems:
1. They don't run the approval phase, so they can allow users to login
who aren't supposed to be able to.
2. They don't patch configure to automatically detect the BSDI auth
system, so they're not ready to use in a general portable
2000 Oct 15
1
Patch for Digital Unix SIA authentication
A while back, I sent in a patch that added Digital Unix SIA
authentication to OpenSSH. Well, I just figured out that it didn't
handle everything correctly (locked accounts could still log in). I
thought I had checked that, but I guess I missed it.
Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator
2001 Mar 01
1
Bug report against openssh-2.3.0p1
I am writing to report a bug in openssh-2.3.0p1, and to suggest
a fix.
I have OpenSSH installed on a Solaris 8 box. The output of
uname -a is:
> SunOS dipper.csi.cam.ac.uk 5.8 Generic_108528-06 sun4u sparc SUNW,Ultra-5_10
OpenSSH was configured with the following options:
> ./configure --prefix=/jackdaw --with-default-path=/jackdaw/bin:/usr/bin
On this OS, with this configuration, it
2006 Jan 27
1
Samba 3.0.21 +solaris 8 +xdm +pam +2003 AD
We have recently upgraded to :
samba-3.0.21
openssl-0.9.7g
krb5-1.4.3
openldap-2.3.11
db-4.4.16
cyrus-sasl-2.1.21
m4-1.4.4
flex-2.5.31
autoconf-2.59
libiconv-1.9.1
gcc-3.4.2
bison-2.1
automake-1.9
libtool-1.5.22
and have got samba authenticating against our 2003 AD servers, however we now discovered that someone has set up xdm to use pam authentication to the old NT4 domain using xdm.pam and
2002 Mar 27
3
[Bug 192] monitor.c:545: undefined reference to `auth_password with USE_PAM on
http://bugzilla.mindrot.org/show_bug.cgi?id=192
------- Additional Comments From mouring at eviladmin.org 2002-03-28 04:04 -------
If I understand the PAM code (none of the PRIVSEP code has been made to work
with it right now) one should never call auth_password(); they should
be calling auth_pam_password()..
So in mm_answer_authpassword() function it should look something like this
2002 Jul 30
0
patch: disable credential forwarding after password auth.
Dear list,
since the order of authentication and AFS token/KRB TGT forwarding
changed (around 3.0), we have had problems with users accidentally
overwriting their credentials from a "password" login with forwarded
credentials. E.g. user A logs in as user B, but stays with the AFS
permissions of user A. A workaround is to use "-k" on these sessions,
but "it worked without