similar to: RSA authentication bypassing /etc/nologin

Hi, and here's another bug report against openssh which I could verify using openssh from cvs. So could we please change the behaviour of openssh to be consistent? > when /etc/nologin exists and the pam_nologin.so module is included in > the sshd pam file then users will be denied access when it exists > (though its contents are not displayed to them) however if the user >

Hello, While experimenting with the "nologin" extra field, I met a possibly overlooked behavior. Let's suppose the user database has those two columns: enabled: the user may/may not login (account active/not active) nologin: NULL if the mailbox is available, '!' if it is currently suspended (for maintenance reasons) The password_query: password_query = SELECT

Hello, Still busy with details... Considering, as in my previous example, a password_query returning '!' or NULL for the "nologin" column, depending on an account's status (suspended or not). Let's consider a suspended user "some.user". In the case of a successful authentication, one has: sh-3.2# doveadm auth test some.user goodpassword; echo $? passdb:

Here's a patch for a feature I'm used to having in the old commercial ssh. It checks for usernames the file /etc/nologin.allow when /etc/nologin is in place, and lets the users mentioned in /etc/nologin.allow in regardless of /etc/nologin. This is very usefull for remote administration of servers. Please consider applying this. -jf -------------- next part -------------- ---

Hi, I've tried to use the "nologin" extra password-db field as specified here: https://wiki.dovecot.org/PasswordDatabase/ExtraFields/NoLogin Due to lack of exact documentation, I've tried to use `nologin`='y' for users that can't login, and setting `nologin`='n' for normal users. Apparently setting it to NULL for normal users would have been correct, as

I notice that the nologin parameter for the AUTH command is gone in version 1.1 of Dovecot Authentication Protocol. nologin was added in 1.1, so that authentication client could indicate that there will be no subsequent master requests to retrieve user info. Could we have nologin back please? Kirill

Attached is a patch to be applied with GNU patch -p0, notice that configure needs to be regenerated. The patch addresses the following annoyances: * On AIX there is a signal called SIGDANGER which is sent to all processes when the machine runs low on virtual memory. This patch makes sure that this signal is ignored, because the default on older AIX releases is to kill the running process

hi, the man page for sshd(1) says about /etc/nologin: "The file should be world-readable". However, nologin has no effect if it's not readable by the connecting user: if (pw->pw_uid) f = fopen(_PATH_NOLOGIN, "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ ... ... return(254) if root has a

On Thu, 10 Jan 2019 at 16:09, Kenneth Porter <shiva at sewingwitch.com> wrote: > I updated to CentOS 7.6 and something must have changed in the base OS > setup that prevents vsftpd from allowing logins for accounts with > /sbin/nologin as their shell. I had to add that to /etc/shells so that > such > accounts could FTP again. That file is in the setup package. Did it >

I am running Dovecot with system users (userdb passwd), but some of those users don't have shell accounts on the IMAP server so their shell on that machine is set to /usr/sbin/nologin. Currently I am using maildirs and this is not a problem, but I am in the process of switching to dbox which means I will need a cronjob running 'doveadm purge -A'. During testing I found that those

My apologies if this has already been discussed. I looked through the mailing list archives and couldn't see any mention of this problem. I compiled and installed openssh-2.3.0p1 on a sparc running SunOS 5.7, and while I was testing it to make sure everything was working properly, I noticed that when I used PAM to authenticate, rather than /bin/login, sshd was not honoring /etc/nologin. I

--On Thursday, January 10, 2019 4:17 PM -0500 Stephen John Smoogen <smooge at gmail.com> wrote: > So I think this is a side effect of a long term argument of the security > nature of /sbin/nologin > > https://serverfault.com/questions/328395/nologin-in-etc-shells-is-dangero > us-why > https://lists.fedoraproject.org/archives/list/devel at lists.fedoraproject.o >

I'm seeing a problem under AIX (4.3.3, 5.1, 5.2) very similar to bug #178. It occurs with both 3.6.1p1 and openssh-SNAP-20030910. If /etc/nologin is present, a session requesting a pty will hang, apparently when the sshd parent tries to close the pty slave. As in bug #178, adding a brief sleep to the child sshd anytime after the fork seems to clear up the problem (though I agree that this

Hi developers, today I tried to disable logins to an ssh server by putting a nologin file into /etc. This only worked for logins that use the password authentication mechanism. publickey-based authentications still succeeded and the users were allowed into the system. This seems straightforward to me since openssh 4.3 disabled the evaluation of /etc/nologin in favour of pam_nologin but

Hi, Can you please provide me with an working example of clustering in R (not very complicated) and with an example of survey in R. We would appreciate this very much. We need them as soon as possible. Thanks and Regards, Aurel Razvan Duica Programming SME Infra Integration DeVelopment Center of Choice, Cyprus +357-25-886298 (Desk) +357-25-886220 (Fax) AMDOCS > INTEGRATED CUSTOMER

http://bugzilla.mindrot.org/show_bug.cgi?id=1045 Summary: Missing option for ignoring the /etc/nologin file Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=178 Summary: Content of /etc/nologin isn't shown to users, fix triggers probably AIX bug Product: Portable OpenSSH Version: 3.1p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

I need to be able to setup a nologin system for users on my mail server on a per user basis. We are going to do some maintenance on each user (individually) and would like it if they could not login to dovecot while we do this. I was curious if dovecot implemented anything like this. We are currently using standard pam authentication (nothing db related) and I was hoping to be able to touch a

On Monday 21 of November 2016, @lbutlr wrote: > On Nov 21, 2016, at 7:39 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote: > > reason is the only thing in maillog that allows to distinguish why user > > was not allowed to log in. > > Um? the only thing? How about where you set the reason in the first place? That "first" place is constantly changing

I updated to CentOS 7.6 and something must have changed in the base OS setup that prevents vsftpd from allowing logins for accounts with /sbin/nologin as their shell. I had to add that to /etc/shells so that such accounts could FTP again. That file is in the setup package. Did it include /sbin/nologin before? I don't have anything in my notes from setting up the system last year about