similar to: pam session in linux port

On Tue, Jun 19, 2001 at 03:11:02AM +0200, Christian Kraemer wrote: > This is espacially anoying if you > use pam_limits.so to set rlimits. Every user could > cirrcumvent them easily by calling ssh in this way: > ssh user at server /bin/sh Interestingly, Debian 2.2's openssh (1:1.2.3-9.3) does enforce rlimits somehow, not sure if it was specifically patched to do this or perhaps

On 2001-10-26 at 13:35:50 Nicolas Williams <Nicolas.Williams at ubsw.com> wrote: > On Fri, Oct 26, 2001 at 02:11:13PM +0200, Markus Friedl wrote: > > On Fri, Oct 26, 2001 at 10:14:21AM +1000, Damien Miller wrote: > > > On Thu, 25 Oct 2001, Ed Phillips wrote: > > > > > > > What is the reasoning behind this? Do we want to see a lastlog entry for >

Hi, I have an account server with many users. It uses pam_limits module to limit memory usage etc. The problem is that sometimes SSH rejects connection after the password is entered. In syslog it prints something like "fork: Resource temporary unavailable". After killing some root processes it works perfectly. Perhaps the daemon first sets process limits and then switches to

-----BEGIN PGP SIGNED MESSAGE----- Hi, I''ve got several replies, thank you for them. Let me summarize: o Many people say there is a PAMified version of ssh available at ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source) ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries) (there are analogous paths for the other architectures). The packages are made by Jan

http://bugzilla.mindrot.org/show_bug.cgi?id=732 ------- Additional Comments From dtucker at zip.com.au 2003-12-22 21:40 ------- Which PAM modules do you have in your sshd PAM stack? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

I'm using Dovecot 1.1.7 on CentOS 5.2. I've changed my passdb from passwd to pam, it works fine, but I've found this messages on /var/log/secure: dovecot-auth: PAM adding faulty module: /lib64/security/pam_limits.so dovecot-auth: PAM unable to dlopen(/lib64/security/pam_limits.so) dovecot-auth: PAM [error: /lib64/security/pam_limits.so: failed to map segment from shared object:

on hp-ux 11 i see: $ date;ssh jenny Fri Oct 12 14:44:13 PDT 2001 Last successful login for stevesk: Fri Oct 12 10:45:42 PST8PDT 2001 on pts/2 Last unsuccessful login for stevesk: Mon Sep 24 22:55:53 PST8PDT 2001 Last login: Fri Oct 12 10:45:43 2001 from 172.31.1.53 You have mail. so solaris PAM is different. can other solaris+PAM users confirm this? On Fri, 12 Oct 2001, Benn Oshrin wrote:

In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function, do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2, this is no longer the case: session modules run with a conversation function that just returns PAM_CONV_ERR. This means that simple session modules whose job involves printing text on the user's terminal no longer work: pam_lastlog, pam_mail, and

Hi all. OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005 on Solaris 8 using host-based authentication. With "PrivilegeSeparation yes" and "UsePAM no" everything works as desired. If I enable PAM, I am able to connect, but just before it gives me a shell, it disconnects. If I leave PAM enabled and disable PrivilegeSeparation, it works. Is this a current limitation, or is there

http://bugzilla.mindrot.org/show_bug.cgi?id=926 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO|994 | nThis| | ------- Additional Comments From dtucker at zip.com.au 2005-05-22 11:03 -------

regarding the segfault that shows up when calling pam_open_session in sshd under solaris-- In the dec 1 Solaris 7 patch report update, there is one mention of pam: Patch-ID# 107285-01 Synopsis: SunOS 5.7: passwd & pam_unix.so.1 patch BugId's fixed with this patch: 4172457 Changes incorporated in this version: Date: Aug/17/99 but it doesn't seem to be freely available -- when looking

http://bugzilla.mindrot.org/show_bug.cgi?id=1002 Summary: sshd does not report failed PAM session modules to the client side Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs

I hit a small snag using Dovecot-imapd smoothly in my environment with maildir and most of my accounts in LDAP. Since the accounts are created through a web interface on another server home directories on the mail server don't get created automatically. There's the handy pam module pam_mkhomedir.so to automagically create home directories, but unfortunatly Dovecot wasn't calling

To stem the tide of support requests from people who don't read the INSTALL file when installing OpenSSH and then complain about password auth failing. I am considering the idea of automagically installing a PAM file into /etc/pam.d if it exists, PAM support is enabled and no such file already exists. I have a couple of questions: - How is PAM controlled on Solaris? Is there a pam.d

On Mon, 22 Nov 1999, Philip Brown wrote: > [ Marc G. Fournier writes ] > > debug("PAM_retval(open_session) about to run"); > > pam_retval = pam_open_session((pam_handle_t *)pamh, 0); > > > > > =========================================== > > > > so, its looking like I'm authenticated properly, but when trying to set up > > the

https://bugzilla.mindrot.org/show_bug.cgi?id=3723 Bug ID: 3723 Summary: sshd failed to close session when client specifies no remote command Product: Portable OpenSSH Version: 8.0p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: PAM

Beyond any more general questions of whether pam sessions *should* be run as root, is there an immediate security concern with moving the pam_open_session (and pam_setcred) stuff to the parent (root) process? (E.g., via the patch below.) -- Mike Stone diff -u -r1.4 auth-pam.c --- auth-pam.c 25 Jun 2002 00:45:33 -0000 1.4 +++ auth-pam.c 25 Jun 2002 20:33:41 -0000 @@ -286,6 +286,8 @@

We recently started upgrading OpenSSH on our Sol8 systems and we've run into a problem were we can run commands on a remote system since we installed 3.7.1p1. The debug output from sshd is attached below. We use PAM in our environment, and have since 2.9.9p2. I think most of the systems were running 3.4p1 prior installing 3.7.1p1 and they were working - the only thing we replaced was

Hi All. Has anyone else tried the current tree on Solaris 8? I installed a recommended patch cluster and now I get PAM errors, but only on a non-interactive (ie no TTY) login. I think this behaviour was introduced with the patch cluster. First thing is that in debug mode, the debug at auth-pam.c:534 derefs tty which is null, and segfaults. This occurs in debug mode only and is easy to fix.

I'm using OpenSSH-2.9.9p2 on Solaris 8 sparc64. 2.9p2 worked fine, but 2.9.9p2+ is giving me trouble with one thing - sshd segfaults if I try to connect and execute a command, such as "ssh machine ls". Otherwise it works great. sshd will fork, and the child process segfaults. CVS snapshot does the same thing. I've narrowed this down somewhat. It will only happen if you use