similar to: Solaris 7 changing password via PAM

Hi, Sorry no core dumps, the sshd programme is perfectly happy just fails to consider changing the password. Cheers, Martyn -----Original Message----- From: Ed Phillips [mailto:ed at UDel.Edu] Sent: 06 November 2001 18:38 To: Roberts,M,Martyn,IVLH4 C Cc: openssh-unix-dev Subject: Re: Solaris 7 changing password via PAM On Tue, 6 Nov 2001 martyn.a.roberts at bt.com wrote: > Date: Tue, 6

I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different version that just calls getpassphrase(). It appears to solve the echo problem when the user tries to login in interactive mode and needs to change their password. Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add: #define HAVE_GETPASSPHRASE ... to config.h when compiling (since it's not a configurable

The reason I ask about the patches is because I think the problem you're seeing might actually be a bug in pam_unix.so.1 - it's something to try at least. We don't use password aging and we don't use the "passwd" command to change passwords, so we haven't run into this at our site even though we probably don't have pam_unix.so patched up. Also, the passwd

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

I would like to use ssh-add to unlock a key with a password provided through a web interface. It seems even though ssh-add calls read_passphrase with RP_ALLOW_STDIN at ssh-add.c:173, stdin is not used as a last resort without a valid terminal or display. Is it an intended behaviour ? And if so, what are the security implications of using popen() to write the password to ssh-add (not using echo

It appears that "fixpaths" has "/usr/bin/perl" hard-coded in. This causes make to fail immediately after running configure. Ed Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082 Systems Programmer III, Network and Systems Services finger -l ed at polycut.nss.udel.edu for PGP public key

Hi there, I just tried out OpenSSH3.0p1 running on Solaris 8 with PAM (--with-PAM). The problem was mentioned some time ago and is still there :-( When a password is expired you are prompted to change it now, enter your login password and after doing so you are instantly disconnected. I think this is a problem with PAM and not SSH, but how can I get a solution on this ? sshd is running without

Remove sshkey_load_private(), as this function's role is similar to sshkey_load_private_type(). --- Dependency: This change depends over recently merged change in openbsd: https://github.com/openbsd/src/commit/b0c328c8f066f6689874bef7f338179145ce58d0 Change log: v1->v2 - Remove declaration of sshkey_load_private() in authfile.h authfile.c | 38

Hi, i am experiencing a problem with ssh 3.0.2.p1 running on Solaris 2.8. Everything works fine with local users (i.e. with local passwd and shadow entries). With LDAP authenticated users, i obtain: treno at tao[!] -> ssh -v Segmentation Fault (core dumped) The probem is the same with 2.x releases. Thank you, Roberto Bertucci

I'm having trouble getting any sort of work-around for 3.10 on Solaris 8 with Sun's tcsh. I've tried using "hup" to correct it but to no avail. This problem wasn't present with ssh version 1 - it just seem to work. Now we get all kinds of abandoned ssh processes lying around that have to be manually killed. Does anyone know if there is going to be a fix for this problem

In do_pam_cleanup_proc(), there are 3 calls to PAM: 1) pam_close_session() - do lastlog stuff 2) pam_setcred(PAM_DELETE_CRED) - delete credentials 3) pam_end() - close PAM It appears that pam_setcred() always fails with the error PAM_PERM_DENIED. This is due to a check done pam_unix.so to not allow a caller with euid 0 to even try to delete their SECURE_RPC credentials. When sshd calls

After upgrading to 3.4.0, I can no longer add new users. Any users that were added beforehand work fine. Any users that I attempt to create cannot login (error: NT_STATUS_LOGON_FAILURE). I was able to get one new user account to work (see below), but I cannot add any new users. The server is Ubuntu 9.10 running Samba 3.4.0. I am using: security = user pam password change = yes Updating

Hi, I am authenticating users on our linux servers using nslcd/pam_ldap. Authentication is fine, however, it is not possible for the user to change the password from the server. Is there a way to make it work ? [Guilherme at server ~]$ passwd Changing password for user Guilherme. passwd: Authentication token manipulation error Oct 8 14:37:53 server passwd: pam_unix(passwd:chauthtok): user

http://bugzilla.mindrot.org/show_bug.cgi?id=423 ------- Additional Comments From djm at mindrot.org 2003-03-10 12:06 ------- The patch looks good, but the only thing that makes me wary is the use of signals for IPC. Would it not be possible to do the chauthtok call earlier? E.g. after the call to do_pam_session() in do_exec_pty()? ------- You are receiving this mail because: ------- You

Hi All, I am not sure if this is the same thing as the hang on exit bug, so sorry if this is a duplication of previous stuff. Essetntially I am experiencing ssh hangs with about .5% - 1% of my connections. I am running 2.9p2, on Solaris 7. I actually have empirical data on the hangings, as I wrote a script to create these connections in an endless loop, setting an alarm so I could recover

I'm guess I wasn't following the whole cookies discussion completely (putting cookies in /tmp to avoid putting them on NFS, etc.), but I noticed today that with 2.9.9p2, if I use "ssh -X" to start a shell on the server, in that shell XAUTHORITY is set to /tmp/ssh-XXXXXXXX/cookies and there are cookies placed there there. These are the "fake" cookies for the

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

https://bugzilla.mindrot.org/show_bug.cgi?id=2539 Bug ID: 2539 Summary: Add missing sanity check for read_passphrase() in auth-pam.c Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: PAM support

(I vaguely remember talk about PAM session stuff recently... please excuse me if this is the same problem.) I compiled v2.9.9p2 on Solaris 8 with the following configuration and the Sun Workshop v5 compiler: OpenSSH has been configured with the following options: User binaries: /opt/openssh-2.9.9p2/bin System binaries: /opt/openssh-2.9.9p2/sbin

We recently started upgrading OpenSSH on our Sol8 systems and we've run into a problem were we can run commands on a remote system since we installed 3.7.1p1. The debug output from sshd is attached below. We use PAM in our environment, and have since 2.9.9p2. I think most of the systems were running 3.4p1 prior installing 3.7.1p1 and they were working - the only thing we replaced was