similar to: OpenSSH3.0p1/PAM/Sol8

The reason I ask about the patches is because I think the problem you're seeing might actually be a bug in pam_unix.so.1 - it's something to try at least. We don't use password aging and we don't use the "passwd" command to change passwords, so we haven't run into this at our site even though we probably don't have pam_unix.so patched up. Also, the passwd

Hi all. OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005 on Solaris 8 using host-based authentication. With "PrivilegeSeparation yes" and "UsePAM no" everything works as desired. If I enable PAM, I am able to connect, but just before it gives me a shell, it disconnects. If I leave PAM enabled and disable PrivilegeSeparation, it works. Is this a current limitation, or is there

Outside the known 'Hang-on-exit' bug and the Solaris 'PAM_TTY_KLUDGE' required. *WHAT* other issues *MUST* be address before 3.0 which is approaching fast? Those running NeXTStep I need conformation that it works under NeXT. My current Slab is packed in a storage unit due to a fire in my apartment complex (happened above me so I'm wrapping up dealing with that crap =). -

We recently started upgrading OpenSSH on our Sol8 systems and we've run into a problem were we can run commands on a remote system since we installed 3.7.1p1. The debug output from sshd is attached below. We use PAM in our environment, and have since 2.9.9p2. I think most of the systems were running 3.4p1 prior installing 3.7.1p1 and they were working - the only thing we replaced was

maybe this is a silly question ;-) But why is it possible to login on a machine with a locked account (passwd -l ) via pubkey-authentication (authorized_keys) ? I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not happen. If this is the normal behaviour and built in intentionally what would be the easiest way to lock an account without deleting the users authorized_keys ?

Hi, i am experiencing a problem with ssh 3.0.2.p1 running on Solaris 2.8. Everything works fine with local users (i.e. with local passwd and shadow entries). With LDAP authenticated users, i obtain: treno at tao[!] -> ssh -v Segmentation Fault (core dumped) The probem is the same with 2.x releases. Thank you, Roberto Bertucci

In do_pam_cleanup_proc(), there are 3 calls to PAM: 1) pam_close_session() - do lastlog stuff 2) pam_setcred(PAM_DELETE_CRED) - delete credentials 3) pam_end() - close PAM It appears that pam_setcred() always fails with the error PAM_PERM_DENIED. This is due to a check done pam_unix.so to not allow a caller with euid 0 to even try to delete their SECURE_RPC credentials. When sshd calls

I've been doing so more tests with 2.9.9p2 on Sol8. Here are my finding so far: When a user needs to change his password and trys to run a command in non-interactive mode, it just succeeds without even trying to prompt the user for a new password. Damien submitted a fix - it works for me (is it going into CVS?). When a user needs to change his password and trys to login in interactive

I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different version that just calls getpassphrase(). It appears to solve the echo problem when the user tries to login in interactive mode and needs to change their password. Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add: #define HAVE_GETPASSPHRASE ... to config.h when compiling (since it's not a configurable

Dear list, How do I test whether I have access to my winbind LDAP backend from my Solaris 9 machine? My LDAP database is held on a Redhat 9.0 machine also running Samba 3.0.0. I know winbind works because getent and wbinfo show up my NT users and groups. I would also like to have people log into my Solaris 9 machine with their NT usernames, I have this working on Redhat already but Solaris is

openssh password expiration problemPatrick, Indeed password aging does not work with OpenSSH 3.0.1p1 on Solaris 2.6. >From what I can tell something is different with Solaris 2.6 and Solaris 2.8. I know that password expiration doesn't cause a problem on Solaris8. I'm unclear as to whether the problem is with OpenSSH code or Solaris. All I know is that the latest PAM patches are not

Hello there, I have winbind configured and working fine on a Solaris 8 machine pam is configured ok (I guess) as telnet/su'ing/smb access is working fine, OpenSSH 3.9 is configured with the following options: --prefix=/usr/local --sysconfdir=/etc/ssh --with-md5-passwords --with-default-path=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/ bin:/bin --with-ipv4-default

I sent this the other day, but did not get any replies, can anyone help? Hi All, I have a sparc solaris 8 server running samba 2.2.11 (which i complied with winbind). The server has been running for years and has about 20 local users setup using local files for openssh and rexec logins, and samba shares. They each use samba to map to their home directory and a common shared folder. They also

Hi, I 'm running : bash-2.03# uname -a SunOS kdejenssamfs 5.8 Generic_108528-15 sun4u sparc SUNW,Sun-Fire-280R and Samba 2.2.5 with winbind and PAM module. I do not need local domain users anymoure as expected. But I have two remaining problems: 1. "console" logins are no longer possible. I get the follwoing error in /var/adm/messages: ... Oct 1 16:41:07 kdejenssamfs

I've googled my heart out, but I cannot see an example of ssh authentication with Active Directory and winbindd, particularly on Solaris 10. I have it working on Solaris 8 with telnet, but I'm trying to break my users of telnet. Has anyone got it working? If so, would you be willing to share the global section of your smb.conf and pam.conf with me? Is there something I need to put in one

Okay, I'm confused again. They way you guys are talking about the conversation routine, it would seem that you think it is a way to fetch something from the user - like a new password. Is this possible? Does calling pam_chauthtok() cause the underlying pam_sm_chauthtok() eventually print something on stdout and read a new password from stdin (the socket to the client) using the conversation

I'm trying to configure my Solaris 9 pam.conf for CDE login/password expiration using ADS security on W2003. If my AD account password is in good standing, my config works great in /etc/pam.conf. However - I'm having trouble getting it to recognize that my password in AD has expired to ask me to reset it on the CDE screen. With the config below - it just tells me "login

Message follows this disclaimer -------------------------------------------------------------------------------------------------- This email and any files transmitted with it is confidential and intended solely for the person or organisation to whom it is addressed. If you are not the intended recipient, you must not read, copy or disseminate the information or take any action in reliance on it

Hi All. This patch calls pam_chauthtok() to change an expired password via PAM during keyboard-interactive authentication (SSHv2 only). It is tested on Redhat 8 and Solaris 8. In theory, it should have simply been a matter of calling pam_chauthtok with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is if it's expired, right? From the Solaris pam_chauthtok man page:

I ran into a weird problem yesterday where Putty can't connect to my OpenSSH/Sol box (and still can't ever since). On the Putty side I get the error message: "internal fault: chaos in SSH 2 transport layer" I've attached the "sshd -d -d -d" syslog output. Any ideas what's going wrong here? From a layman's point of view, it would appear that Putty and