similar to: PAM namespace.

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

Package: logcheck Version: 1.2.23 Severity: normal Hello, I have: # /bin/cat ignore.d.server/cron ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST \([[:alnum:]-]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) REPLACE \([[:alnum:]-]+\)$ and: # /bin/cat ignore.d.paranoid/cron ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

I recent upgraded to 2.2.8, which went fine. When I checked smbclient -L firewall, I saw I Lost my printer share. I am using CUPS v1.1.3 for printing. When I went back to 2.2.7a it reappeared. 2 questions: 1> Why did it do this? I ./configured it --enable-cups- --with-pam_(smb) 2> Is there and advantage of upgrading such a small step? Or are there a big enough issues to warrant this

>Neither the Sun PAM documentation nor the Linux-PAM documentation >describe the semantics of PAM_REINITIALIZE_CREDS in any useful detail. I would agree it is vague, but then that is also a problem with the XSSO document (http://www.opengroup.org/onlinepubs/008329799/) >Could we please have a clarification on the semantics of >PAM_CRED_ESTABLISH vs. the semantics of

On Mon, 22 Nov 1999, Philip Brown wrote: > [ Marc G. Fournier writes ] > > debug("PAM_retval(open_session) about to run"); > > pam_retval = pam_open_session((pam_handle_t *)pamh, 0); > > > > > =========================================== > > > > so, its looking like I'm authenticated properly, but when trying to set up > > the

Hi I just "stumbled" over the flags settings in pam_password_change_required(). As far as I looked over the OpenSSH code, setting/resetting the 2nd bit in those flags from auth-options.c whould only make sense if the flags are checked to be 0/1 in the remaining OpenSSH code. Frank

The recently-left programmer did *something*, and he didn't know what, and the guy who picked it up is working with me to find out why /var/log/messages is getting flooded with Oct 26 11:01:06 <servername> kernel: type=1105 audit(1477494066.569:642430): pid=108551 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PAM:session_open

-----BEGIN PGP SIGNED MESSAGE----- Hi, I''ve got several replies, thank you for them. Let me summarize: o Many people say there is a PAMified version of ssh available at ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source) ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries) (there are analogous paths for the other architectures). The packages are made by Jan

Package: logcheck Version: 1.2.54 Severity: normal In the file ignore.d.paranoid/cron there are the rules ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$ to ignore lines like 10:17:01 at 04-03-2007 tooar

looks like auditd logging is a bit tweaked. eero 26.10.2016 6.11 ip. <m.roth at 5-cent.us> kirjoitti: > The recently-left programmer did *something*, and he didn't know what, and > the guy who picked it up is working with me to find out why > /var/log/messages is getting flooded with > Oct 26 11:01:06 <servername> kernel: type=1105 > audit(1477494066.569:642430):

http://bugzilla.mindrot.org/show_bug.cgi?id=808 Summary: segfault if not using pam/keyboard-interactive mech and password's expired Product: Portable OpenSSH Version: 3.8p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: PAM support

Hello, I am using OpenSSH-3.8p1 on HP-UX machine with USE_POSIX_THREADS option. This is for making the kerberos credentials file to be created in the system with PAM. In OpenSSH versions 3.5 when authentication is done with pam kerberos, a /tmp/krb5cc_X_Y file is created on the server side. But the KRB5CCNAME variable is not set by default. So, after we manually set this environment variable, the

Hello all, The long-mooted PAM merge from FreeBSD is starting _now_. This replaces the PAM password auth kludge that we have used until now with a discrete challenge-response module. This module is invoked via keyboard-interactive for protocol 2 or TIS auth for protocol 1. Warning: this is a large change and will probably break things. It has only been tested with basic password auth modules and

Currently, OpenSSH prints the message: "Warning: You password has expired, please change it now" if the password has expired. It would be nice if the user could/had to change password before continuing, like with Linux console login. I've tried to make an patch, but it doesn't work. Ideas? --- auth-pam.c.org Wed Oct 11 18:03:43 2000 +++ auth-pam.c Wed Oct 11 18:03:44

Anyone out there know more about PAM under Solaris 7/x86 then I do, that can maybe tackle this, and/or suggestion a route to take to fix? After doing some debugging, it looks like the problem is a seg fault at: sshd.c:void pam_cleanup_proc(void *context) =========================================== debug("PAM_retval(open_session) about to run"); pam_retval =

I've attached two patches. The first just changes the output of "ssh -V" to print that it was built against rsaref if libRSAglue (which is built as part of openssl only when it is built against rsaref) is present at build-time. The second adds appropriate calls to pam_setcred() in sshd. Without them, our systems can't access AFS because the PAM modules only get tokens at a

Can't compile sshd.c because of pam errors. The errors are attached below, and I apologize for the >75 chars a line. RH4.2, with the latest updates, runs pam-0.57-5. I could upgrade PAM from source, but I'd probably break other programs. gcc -g -O2 -Wall -I/usr/local/ssl/include -DETCDIR=\"/etc/ssh\" -DSSH_PROGRAM=\"/usr/bin/ssh\"

Hi, I've recently had the pleasure of compiling OpenSSH for an older Linux 2.0/libc 5 machine. It comes with an older version of PAM, and the configure script rightfully triggers HAVE_OLD_PAM. I've found that some PAM_*_CRED #defines have changed, and this prevents auth-pam.c from compiling, so I made the obvious fix. The attached patch is against OpenSSH 2.9p2. Things to consider: -

25 Mar 2001 pam_smbpass is a PAM module which can be used on conforming systems to keep the smbpasswd (Samba password) database in sync with the unix password file. PAM (Pluggable Authentication Modules) is an API supported under some Unices, such as Solaris, HPUX and Linux, that provides a generic interface to authentication mechanisms. For more information on PAM, see

Hi, There have been a bunch of useful submissions for the compare /contrast thread. To reduce the load on your mailbox, they are gathered here in one go... Roger. Date: Wed, 28 Oct 1998 15:11:37 +0000 From: "David L. Sifry" <dsifry@linuxcare.com> To: "Matthew S. Crocker" <matthew@crocker.com> CC: Rob Bringman <rob@trion.com>,