similar to: sshd can't change expired password on Sol8 with Openssh3.0p1 + PAM

Hi there, I just tried out OpenSSH3.0p1 running on Solaris 8 with PAM (--with-PAM). The problem was mentioned some time ago and is still there :-( When a password is expired you are prompted to change it now, enter your login password and after doing so you are instantly disconnected. I think this is a problem with PAM and not SSH, but how can I get a solution on this ? sshd is running without

Hi, i am experiencing a problem with ssh 3.0.2.p1 running on Solaris 2.8. Everything works fine with local users (i.e. with local passwd and shadow entries). With LDAP authenticated users, i obtain: treno at tao[!] -> ssh -v Segmentation Fault (core dumped) The probem is the same with 2.x releases. Thank you, Roberto Bertucci

In do_pam_cleanup_proc(), there are 3 calls to PAM: 1) pam_close_session() - do lastlog stuff 2) pam_setcred(PAM_DELETE_CRED) - delete credentials 3) pam_end() - close PAM It appears that pam_setcred() always fails with the error PAM_PERM_DENIED. This is due to a check done pam_unix.so to not allow a caller with euid 0 to even try to delete their SECURE_RPC credentials. When sshd calls

I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different version that just calls getpassphrase(). It appears to solve the echo problem when the user tries to login in interactive mode and needs to change their password. Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add: #define HAVE_GETPASSPHRASE ... to config.h when compiling (since it's not a configurable

Outside the known 'Hang-on-exit' bug and the Solaris 'PAM_TTY_KLUDGE' required. *WHAT* other issues *MUST* be address before 3.0 which is approaching fast? Those running NeXTStep I need conformation that it works under NeXT. My current Slab is packed in a storage unit due to a fire in my apartment complex (happened above me so I'm wrapping up dealing with that crap =). -

I've been doing so more tests with 2.9.9p2 on Sol8. Here are my finding so far: When a user needs to change his password and trys to run a command in non-interactive mode, it just succeeds without even trying to prompt the user for a new password. Damien submitted a fix - it works for me (is it going into CVS?). When a user needs to change his password and trys to login in interactive

openssh password expiration problemPatrick, Indeed password aging does not work with OpenSSH 3.0.1p1 on Solaris 2.6. >From what I can tell something is different with Solaris 2.6 and Solaris 2.8. I know that password expiration doesn't cause a problem on Solaris8. I'm unclear as to whether the problem is with OpenSSH code or Solaris. All I know is that the latest PAM patches are not

We recently started upgrading OpenSSH on our Sol8 systems and we've run into a problem were we can run commands on a remote system since we installed 3.7.1p1. The debug output from sshd is attached below. We use PAM in our environment, and have since 2.9.9p2. I think most of the systems were running 3.4p1 prior installing 3.7.1p1 and they were working - the only thing we replaced was

Okay, I'm confused again. They way you guys are talking about the conversation routine, it would seem that you think it is a way to fetch something from the user - like a new password. Is this possible? Does calling pam_chauthtok() cause the underlying pam_sm_chauthtok() eventually print something on stdout and read a new password from stdin (the socket to the client) using the conversation

It appears that "fixpaths" has "/usr/bin/perl" hard-coded in. This causes make to fail immediately after running configure. Ed Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082 Systems Programmer III, Network and Systems Services finger -l ed at polycut.nss.udel.edu for PGP public key

I'm having trouble getting any sort of work-around for 3.10 on Solaris 8 with Sun's tcsh. I've tried using "hup" to correct it but to no avail. This problem wasn't present with ssh version 1 - it just seem to work. Now we get all kinds of abandoned ssh processes lying around that have to be manually killed. Does anyone know if there is going to be a fix for this problem

Hi, Sorry no core dumps, the sshd programme is perfectly happy just fails to consider changing the password. Cheers, Martyn -----Original Message----- From: Ed Phillips [mailto:ed at UDel.Edu] Sent: 06 November 2001 18:38 To: Roberts,M,Martyn,IVLH4 C Cc: openssh-unix-dev Subject: Re: Solaris 7 changing password via PAM On Tue, 6 Nov 2001 martyn.a.roberts at bt.com wrote: > Date: Tue, 6

maybe this is a silly question ;-) But why is it possible to login on a machine with a locked account (passwd -l ) via pubkey-authentication (authorized_keys) ? I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not happen. If this is the normal behaviour and built in intentionally what would be the easiest way to lock an account without deleting the users authorized_keys ?

Hi All, I am not sure if this is the same thing as the hang on exit bug, so sorry if this is a duplication of previous stuff. Essetntially I am experiencing ssh hangs with about .5% - 1% of my connections. I am running 2.9p2, on Solaris 7. I actually have empirical data on the hangings, as I wrote a script to create these connections in an endless loop, setting an alarm so I could recover

I'm guess I wasn't following the whole cookies discussion completely (putting cookies in /tmp to avoid putting them on NFS, etc.), but I noticed today that with 2.9.9p2, if I use "ssh -X" to start a shell on the server, in that shell XAUTHORITY is set to /tmp/ssh-XXXXXXXX/cookies and there are cookies placed there there. These are the "fake" cookies for the

I don't know if this is still a problem in the latest snapshot, but with 2.9.9p2, if you do a "./configure ... --with-tcp-wrappers", there's no way to specify a location for tcpd.h and libwrap.a. This is troublesome on Solaris where you might install stuff like that in /opt/lib or /usr/local/lib or something that is not searched by default. Ed Ed Phillips <ed at

If I change openbsd-compt/readpassphrase.c and type "make" from the top-level, nothing happens. I have to remove openbsd-compat/libopenbsd-compat.a to get "make" to do its thing. Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082 Systems Programmer III, Network and Systems Services finger -l ed at polycut.nss.udel.edu for PGP public key

Can someone tell be briefly how to get OpenSSH3.1p1 configured and compiled to use /dev/random? Can OpenSSH use /dev/random directly now? Thanks, Ed Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082 Systems Programmer III, Network and Systems Services finger -l ed at polycut.nss.udel.edu for PGP public key

(I vaguely remember talk about PAM session stuff recently... please excuse me if this is the same problem.) I compiled v2.9.9p2 on Solaris 8 with the following configuration and the Sun Workshop v5 compiler: OpenSSH has been configured with the following options: User binaries: /opt/openssh-2.9.9p2/bin System binaries: /opt/openssh-2.9.9p2/sbin

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]