Displaying 20 results from an estimated 2000 matches similar to: "sshd and pam_env both read /etc/environment, but assume different syntax"
2001 Dec 18
1
[PATCH]: Fix environment variable size restriction in Cygwin version
Hi,
the following patch changes the Cygwin specific function copy_environment()
to not restricting the strlen of a single environment variable to 512 byte.
The PAM specific function do_pam_environment() (also in session.c) has
the same problem but I don't know if that's important for PAM since
only PAM specific environment variables are copied in that function.
The below patch fixes
2002 Feb 12
0
[Patch] Xauthority file in /tmp
This issue has been discussed here and elsewhere a fair bit in the past
year or so, but to re-address the issue...
As of OpenSSH 2.9.something the ability to have an Xauthority located in
/tmp was removed, with the following description in the ChangeLog :
- markus at cvs.openbsd.org 2001/06/12 21:21:29
[session.c]
remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
2000 Oct 07
0
OpenSSH changes for BSD/OS
The following are patches against openssh 2.1.1p4 to add
support for the BSD_AUTH authentication mechanisms. It allows the
use of non-challenge/response style mechanisms (which styles are
allowed my be limited by appropriate auth-ssh entries in login.conf).
The patches also add support for calling setusercontext for the
appropriate class when called with a command (so that the PATH, limits,
2001 Mar 02
0
Patch for system-wide default environment
We recently switched to OpenSSH from ssh 1.2.x and
I quickly noticed that /etc/environment processing has gone AWOL.
This patch adds a new sshd_config variable:
SysEnvFile
Specifies a file containing the system-wide default environment
in ``VARNAME=value'' format (default is none.) The contents of a
user's $HOME/.ssh/environment file, if
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's
authentication library. However, BSDI's patches have several
problems:
1. They don't run the approval phase, so they can allow users to login
who aren't supposed to be able to.
2. They don't patch configure to automatically detect the BSDI auth
system, so they're not ready to use in a general portable
2003 Nov 11
1
AIX KRB5CCNAME problem
I believe there is a bug in how AIX handles the KRB5CCNAME environment
variable. The symptom occurs when a root user restarts sshd while they
have KRB5CCNAME set; all of the resulting client connections will inherit
the same KRB5CCNAME variable. This can occur if the admin uses 'ksu' or
some other kerberized method of obtaining root privileges.
Investigating this problem, I stumbled
2008 Jul 28
1
Problems authenticating Ubuntu 8.04 client (gdm) against Samba (Ubuntu 8.04) domain server
Hello,
Does anyone have a working pam configuration that allows gdm logins? My
current config works with ssh and bash logins. I'd like gdm to work
with usernames like DOMAIN\\USERNAME.
MORE DETAIL:
-------------------
I'm trying to get a Linux client (Ubuntu 8.04) to authenticate against a
Samba domain controller (also Ubuntu8.04). WindowsXP clients work fine
with the samba
2009 Oct 13
0
trouble with GDM -- linux client to samba
Hi all,
As an experiment I'm trying to log into a samba server (3.3.2) from
GDM. Both systems are running Ubuntu 9.04 and LDAP is not involved.
But it's not working.
The test user credentials are donkey/donkey .
On the client:
# net rpc join -S 192.168.0.1 -U root
Enter root's password:
Joined domain LAB-SAMBA.
# wbinfo -t
checking the trust secret via RPC calls succeeded
#
2000 Jan 19
3
AIX openssh patches
I have a few patches for AIX. The patchfile is attached below. The patch
has been tested on AIX4.2 and AIX4.3. The patch is on openssh-1.2.1pre25,
with openssl-0.94, using RSAref.
1) authenticate support - this function allows the system to determine
authentification. Whatever the system allows for login, authenticate
will too. It doesn't matter whether it is AFS, DFS, SecureID, local.
2001 Mar 29
3
Patches for OpenSSH 2.5.2p2: evaluate /etc/default/login, makefiles manpages
Dear developers of OpenSSH,
first of all I want to thank you for your excellent work on OpenSSH!
I have compiled OpenSSH 2.5.2p2 on Sun Solaris 2.6 and Sun Solaris 8
and discovered some problems.
The first is that OpenSSH doesn't evaluate the file /etc/default/login
which contains some flags and parameters for the login process.
On important parameter is the default value for PATH.
As we
2009 Jun 03
3
Samba+Ldap problems
I'm trying to trobuleshoot my previuos problem from the basics.
I've a box setup with Ubuntu, samba and ldap. I have a lot of problems with
user authentications.
I'm checking if LDAP and PAM ar working together. I've added an user to ldap
with smbldap-useradd command (as posix account) and I'm trying to use it to
login via ssh. This user cannot authenticate.
Here is the result
2003 Sep 24
1
Patches for compatibility with Heimdal's libsia_krb5 SIA module
I have found the following patches to be desirable for using sshd on a
Tru64 UNIX system with the Kerberos 5 SIA module (libsia_krb5.so) from
Heimdal.
These patches do the following:
1) preserve context between the password authentication and the session
setup phases. This is necessary because the Heimdal SIA module stores
Kerberos context information as mechanism-specific data in
2000 Dec 27
0
Problems with reading pam_env and setting enviroment variables
Hi guys,
here's another nasty bug in openssh that I also noticed. Has this
already been fixed or would someone please take care of this? Thanks.
> If I enable the line:
> auth required pam_env.so
> to the ssh pam file, with the following line in
> /etc/security/pam_env.conf
> file:
> PATH DEFAULT=/usr/local/bin:/bin:/usr/bin:/usr/bin/X11:/usr/games
> then
2000 Oct 15
1
Patch for Digital Unix SIA authentication
A while back, I sent in a patch that added Digital Unix SIA
authentication to OpenSSH. Well, I just figured out that it didn't
handle everything correctly (locked accounts could still log in). I
thought I had checked that, but I guess I missed it.
Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator
2000 Sep 04
1
trivial patch to post overridden command into env
I am not 100% positive of the security implications of this, but I
really can't see any potential for harm.
If this patch is applied (I coded it against the now-current
openssh-2.2.0p1), then if (a) the authorized_keys entry has
command="whatever" to force a specific command, and also (b) the
invoker specified some command on their ssh cmdline, then the
invoked command will be
2009 Jun 10
1
Bug#532719: logcheck-database: filter pam_env complaining about missing /etc/default/locale
Package: logcheck-database
Version: 1.2.69
Severity: normal
on systems without configured global locale, i get lines like this in
the logcheck filtered logs:
Jun 10 21:12:13 ... sshd[9729]: pam_env(sshd:setcred): Unable to open env file: /etc/default/locale: No such file or directory
this looks like a warning that is perfectly ok but does not do any harm
and occurs because when no global locale
2002 Jul 25
3
[PATCH] prevent users from changing their environment
We have a system on which users are given a very restricted environment
(their shell is a menu) where they should not be able to run arbitrary
commands. However, because their shell is not statically linked, ld.so
provides a nice clutch of holes for them to exploit. The patch below
adds a new configuration option to sshd which quashes their attempts
to set LD_PRELOAD etc. using ~/.ssh/environment
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
Hello,
appended is a patch that makes it possible to use PAM both for
password authentication and TIS (i.e. s/key or opie or any other
interactive challenge/response scheme). I have developed this starting
from the patch at http://www.debian.org/Bugs/db/61/61906.html on
Debian with openssh-2.1.1p4-3. After configuring ssh with
--with-pam-tis, there are two PAM services, "sshd" and
2000 Feb 27
0
[PATCH] Fix login.conf, expiration, BSD compatibility in OpenSSH
This patch revive almost all login.conf and password/account expiration
features, makes OpenSSH more FreeBSD login compatible and fix non-critical
memory leak.
Please review and commit.
--- sshd.c.old Fri Feb 25 08:23:45 2000
+++ sshd.c Sun Feb 27 02:53:33 2000
@@ -37,9 +37,8 @@
#endif /* LIBWRAP */
#ifdef __FreeBSD__
-#include <libutil.h>
-#include <syslog.h>
#define LOGIN_CAP
2001 Feb 26
0
Problems with OpenSSH 2.5.1p1 on Solaris 8
Hi,
I'm not subscribed, so keep me in cc. And thanks for having mailing-list
open for posting.
I had a couple of problems with OpenSSH on Solaris 8/MU3 + recent patches.
1) When I tried to use scp from any other host, sshd on Solaris host
crashed with SIGSEGV. Here's the stack trace:
core 'core.sshd.7637' of 7637: ./sshd -d -d -d
fefb393c strncpy (ffbee074, 5, 7, 0,