similar to: Regarding PAM_TTY_KLUDGE and Solaris 8...

Hello, all- Apparently, under Solaris (I can personally confirm SunOS 5.7 and 5.8), pam_open_session will generate a segfault if PAM_TTY is not set. The obvious symptom of this is that OpenSSH 2.9.9p2 will segfault on any operation that does not request a tty (do_exec_no_pty). Based on a quick google search, this seems to have been encountered by others, though the specific symptoms seem to

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

Trying 2.1.1p2 on HP-UX 11 (trusted system) I get: Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on. Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector. Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk" Jul 3

With OpenSSH 2.9.9p2 as the server, I'm not able to do scp or "ssh machinename command" in general to any of my Suns! I tracked this down a bit; the problem occurs only when PAM support is enabled. However, if I remove line 430 of session.c, "do_pam_session(s->pw->pw_name, NULL);" inside of do_exec_no_pty, the problem goes away. It looks like the following entry

Hello everyone, I am trying to adjust the systemd-logind classification of the SSH session opened by Ansible client. By default the SSH session created by Ansible client is Class=user and Type=tty in systemd-logind. pam_systemd.so allows users to change this default via the environment variables XDG_SESSION_CLASS and XDG_SESSION_TYPE. When I set these variables on the client and make sure they

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

HI!, I am using virt-manager GUI. There I can add a `Console Device` through Add Hardware. I can add a virtio pty WITHOUT restarting the VM. also I get a pty allocated to host machine say `/dev/pty/M` My expectation is this `host:/dev/pty/M` is connected with a `guest:/dev/ttyN`. so If I open minicom or screen and write to `host:/dev/pty/M` it will be propagated to 'guest:/dev/ttyN'. Is

I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then

I'm playing with google-authenticator libpam https://code.google.com/p/google-authenticator/ It appears to be failing the "make test" on CentOS 5.9 32bit. ./pam_google_authenticator_unittest Testing base32 encoding Testing base32 decoding Testing HMAC_SHA1 Loading PAM module Running tests, querying for verification code Testing failed login attempt Testing

On 7/28/2020 4:11 PM, Jason Keltz wrote: > > On 7/28/2020 3:59 PM, Jason Keltz via samba wrote: >> I'm experimenting with smb + winbind. >> >> My host is joined to AD and I can login to my host fine using my AD >> credentials via SSH.?? The only issue is that I don't get a Kerberos >> ticket generated. >> >> In

Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and

On Mon, 22 Nov 1999, Philip Brown wrote: > [ Marc G. Fournier writes ] > > debug("PAM_retval(open_session) about to run"); > > pam_retval = pam_open_session((pam_handle_t *)pamh, 0); > > > > > =========================================== > > > > so, its looking like I'm authenticated properly, but when trying to set up > > the

Hello all, On Redhat 6.2, the PAM_unix module logs the session opening, but not the session closing. This was logged as of 2.3.0p1. Upgrading to 2.5.1p1 makrs the start of the problem. Thanks in advance, Victor -- Victor J. Orlikowski ====================== v.j.orlikowski at gte.net orlikowski at apache.org vjo at us.ibm.com

https://bugzilla.mindrot.org/show_bug.cgi?id=1799 Summary: Unable to login through PAM on Solaris 8 x86 due to PAM_TTY Product: Portable OpenSSH Version: 5.5p1 Platform: ix86 OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo:

I'm using OpenSSH-2.9.9p2 on Solaris 8 sparc64. 2.9p2 worked fine, but 2.9.9p2+ is giving me trouble with one thing - sshd segfaults if I try to connect and execute a command, such as "ssh machine ls". Otherwise it works great. sshd will fork, and the child process segfaults. CVS snapshot does the same thing. I've narrowed this down somewhat. It will only happen if you use

http://bugzilla.mindrot.org/show_bug.cgi?id=703 Summary: non-interactive commands fail on solaris 8 Product: Portable OpenSSH Version: 3.7.1p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org

On ???, 16 ??? 2024, Michal Sekletar wrote: > Hello everyone, > > I am trying to adjust the systemd-logind classification of the SSH > session opened by Ansible client. By default the SSH session created > by Ansible client is Class=user and Type=tty in systemd-logind. > pam_systemd.so allows users to change this default via the environment > variables XDG_SESSION_CLASS and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The same result without CFLAGS: configure:17300: checking for mblen configure:17356: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The

The auth-pam.c of sshd server contains a small flaw that allows empty password logins even if "PermitEmptyPasswords" option in the sshd config file is set to "no". The scenario is as follows: Using ssh the user tries to logon to the machine using an account that has empty password. If the user presses enter on the password prompt (NULL password) access is