Displaying 20 results from an estimated 1000 matches similar to: "2.1.1p2 HP-UX 11 PAM General Commerical Security error"
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
1999 Nov 22
1
[s-x86] OpenSSH 1.2pre14 fails on pam_open_session() ...
On Mon, 22 Nov 1999, Philip Brown wrote:
> [ Marc G. Fournier writes ]
> > debug("PAM_retval(open_session) about to run");
> > pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
>
> >
> > ===========================================
> >
> > so, its looking like I'm authenticated properly, but when trying to set up
> > the
2004 Jun 14
1
PAM_RHOST item
A little problem, which is bugging me: when using PAM authentication,
Dovecot (0.99.5) does not set the PAM_RHOST item, so the PAM modules
cannot know who the client is. We need this for some PAM module doing
access control.
Changing passdb-pam.c to pam_set_item it seems trivial, but I'm bugged
as to how to get the client name from there. It seems not to be
available in the auth_request
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
Hello All.
Attached is an update to my previous patch to make do_pam_chauthtok and
privsep play nicely together.
First, a question: does anybody care about these or the password
expiration patches?
Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after
the pty has been allocated but before it's made the controlling tty.
This allows the child running chauthtok to
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes
PAM authentication take place in a separate process or thread
(launched from sshpam_init_ctx() in auth-pam.c). By default (if you
don't define USE_POSIX_THREADS) the code "fork"s a separate process.
Or if you define USE_POSIX_THREADS it will create a new thread (a
second one, in addition to the primary thread).
The
1998 Oct 07
1
Re: sshd and PAM [summary]
-----BEGIN PGP SIGNED MESSAGE-----
Hi,
I''ve got several replies, thank you for them. Let me summarize:
o Many people say there is a PAMified version of ssh available at
ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source)
ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries)
(there are analogous paths for the other architectures). The packages
are made by Jan
2020 Jul 21
11
[RFC PATCH 0/4] PAM module for ssh-agent user authentication
Hi,
The main (and probably the only) use case of this PAM module is to let
sudo authenticate users via their ssh-agent, therefore without having
to type any password and without being tempted to use the NOPASSWD sudo
option for such convenience.
The principle is originally implemented by an existing module [0][1]
and many pages that explain how to use it for such purpose can be
found online.
2001 Oct 25
6
Regarding PAM_TTY_KLUDGE and Solaris 8...
>Okay, this appears to be a problem with pam_unix.so - the code in
>pam_sm_open_session is written with the assumption that the tty name is of
>the form "/dev/" + something else on the end. I'm not sure why the
pam_sm_open_session in pam_unix on Solaris now does this:
/* report error if ttyn or rhost are not set */
if ((ttyn == NULL) || (rhost == NULL))
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
Hi All.
Attached is a patch that implements password expiry with PAM and
privsep. It works by passing a descriptor to the tty to the monitor,
which sets up a child with that tty as stdin/stdout/stderr, then runs
chauthtok(). No setuid helpers.
I used some parts of Michael Steffens' patch (bugid #423) to make it
work on HP-UX.
It's still rough but it works. Tested on Solaris 8 and
2003 Sep 23
5
PAM sessions and conversation functions
In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function,
do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2,
this is no longer the case: session modules run with a conversation
function that just returns PAM_CONV_ERR. This means that simple session
modules whose job involves printing text on the user's terminal no
longer work: pam_lastlog, pam_mail, and
1999 Dec 28
0
Patches to report rsaref build and to call pam_setcred
I've attached two patches. The first just changes the output of "ssh -V"
to print that it was built against rsaref if libRSAglue (which is built
as part of openssl only when it is built against rsaref) is present at
build-time. The second adds appropriate calls to pam_setcred() in sshd.
Without them, our systems can't access AFS because the PAM modules only
get tokens at a
2001 Feb 26
1
2.5.1p1 on Redhat Linux 6.2 using PAM does not log closing of session
Hello all,
On Redhat 6.2, the PAM_unix module logs the session opening, but not
the session closing. This was logged as of 2.3.0p1. Upgrading to
2.5.1p1 makrs the start of the problem.
Thanks in advance,
Victor
--
Victor J. Orlikowski
======================
v.j.orlikowski at gte.net
orlikowski at apache.org
vjo at us.ibm.com
2001 Feb 10
1
[PATCH] Tell PAM about remote host earlier
I was browsing the OpenSSH sources (which are very readable, thankyou
very much) and noticed that PAM was only being told what host the user
is logging in from for account processing - not for password
processing. As I can see no reason not to put this in start_pam this is
exactly what I have done - and attached a patch to this effect.
This allows PAM to fill in rhost= in its audit messages
2005 Jan 27
1
Dovecot doesn't call pam_open_session, thus dodging pam_mkhomedir
I hit a small snag using Dovecot-imapd smoothly in my environment
with maildir and most of my accounts in LDAP. Since the accounts are
created through a web interface on another server home directories on
the mail server don't get created automatically. There's the handy pam
module pam_mkhomedir.so to automagically create home directories, but
unfortunatly Dovecot wasn't calling
1999 Nov 21
1
openssh 1.2pre13 on Linux/i386 RH4.2 problems
Can't compile sshd.c because of pam errors. The errors are attached
below, and I apologize for the >75 chars a line. RH4.2, with the
latest updates, runs pam-0.57-5. I could upgrade PAM from source, but
I'd probably break other programs.
gcc -g -O2 -Wall -I/usr/local/ssl/include -DETCDIR=\"/etc/ssh\" -DSSH_PROGRAM=\"/usr/bin/ssh\"
2000 Oct 11
1
Expired passwords & PAM
Currently, OpenSSH prints the message:
"Warning: You password has expired, please change it now"
if the password has expired. It would be nice if the user could/had to
change password before continuing, like with Linux console login. I've
tried to make an patch, but it doesn't work. Ideas?
--- auth-pam.c.org Wed Oct 11 18:03:43 2000
+++ auth-pam.c Wed Oct 11 18:03:44
2016 Dec 14
1
cwrap: pam_wrapper: pam_wrapper.c errors
An embedded and charset-unspecified text was scrubbed...
Name: pam_wrapper.c
URL: <http://lists.samba.org/pipermail/samba/attachments/20161214/1f29843b/pam_wrapper.c>
2002 Feb 14
2
[Bug 117] OpenSSH second-guesses PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=117
------- Additional Comments From djm at mindrot.org 2002-02-15 10:10 -------
> OpenSSH traditionally would not even start PAM, and
> now starts it specifying 'NOUSER' as the login name.
We have always used NOUSER, the recent patch just makes it consistent between
protocols 1 and 2.
> The second is to prevent username guessing
1999 Nov 22
0
OpenSSH 1.2pre14 fails on pam_open_session() ...
Anyone out there know more about PAM under Solaris 7/x86 then I do, that
can maybe tackle this, and/or suggestion a route to take to fix?
After doing some debugging, it looks like the problem is a seg fault at:
sshd.c:void pam_cleanup_proc(void *context)
===========================================
debug("PAM_retval(open_session) about to run");
pam_retval =
2004 Jul 09
1
passing remote ip to pam
to improve forensic log info i want to set the PAM_RHOST value to the
remote ip (which pam logs as rhost=foo in failure messages). i didn't
look to see if anything has been done in this way on CVS because i'm still
on 0.99.10.6.
below is a bit of a hack. in some sense the remote_ip might make more
sense in the AUTH_LOGIN_REQUEST_NEW packet rather than the continue
packet... but that