similar to: [Bug 118] New: Implement TIS (protocol 1) via PAM

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

Hello, appended is a patch that makes it possible to use PAM both for password authentication and TIS (i.e. s/key or opie or any other interactive challenge/response scheme). I have developed this starting from the patch at http://www.debian.org/Bugs/db/61/61906.html on Debian with openssh-2.1.1p4-3. After configuring ssh with --with-pam-tis, there are two PAM services, "sshd" and

Hi, We have updated our TIS authserv support patch for OpenSSH 2.5.1p2. You'll find it attached to my message. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 -------------- next part -------------- diff -urN openssh-2.5.1p2/Makefile.in openssh-2.5.1p2-tis/Makefile.in --- openssh-2.5.1p2/Makefile.in Sun Feb 18 20:13:33 2001 +++

I need a way to make sshd require S/KEY authentication to succeed before allowing either password or public-key authentication. Currently, we can only have S/KEY+password, by using PAM for authentication, and configuring PAM accordingly. But PAM of course can't handle SSH public keys. I thought for a while that ideally we could actually use PAM to tell sshd what methods of authentication to

Dear list, since the order of authentication and AFS token/KRB TGT forwarding changed (around 3.0), we have had problems with users accidentally overwriting their credentials from a "password" login with forwarded credentials. E.g. user A logs in as user B, but stays with the AFS permissions of user A. A workaround is to use "-k" on these sessions, but "it worked without

The auth-pam.c of sshd server contains a small flaw that allows empty password logins even if "PermitEmptyPasswords" option in the sshd config file is set to "no". The scenario is as follows: Using ssh the user tries to logon to the machine using an account that has empty password. If the user presses enter on the password prompt (NULL password) access is

Hello, I just wasted several hours trying to figure out why I could not change Samba passwords from Windows XP computers. I'm posting here so that there is some form of documentation about this on the web. My setup is basically this: - Samba 3.3.2 (running under Ubuntu 9.04) - OpenLDAP user database - Full O.S. support for OpenLDAP auth, using nsswitch and PAM. (My client

Hi, after installing 3.6.1p2 I noticed spurious PAM login failures even with PermitEmptyPasswords set to "no": sshd(pam_unix)[1740]: authentication failure; logname=XXX uid=0 euid=0 tty=NODEVssh ruser= rhost=localhost user=XXX After looking at the code I noticed the following in the portability p2 patch: +++ openssh-3.6.1p2/auth-passwd.c 2003-04-29 19:12:08.000000000 +1000

http://bugzilla.mindrot.org/show_bug.cgi?id=192 ------- Additional Comments From mouring at eviladmin.org 2002-03-28 04:04 ------- If I understand the PAM code (none of the PRIVSEP code has been made to work with it right now) one should never called auth_password() they should be calling auth_pam_password().. So in mm_answer_authpassword() function it should look something like this

Hi, the following patch fixes a potential security hole in the Cygwin version of sshd. If you're logging in to a Cygwin sshd with version 2 protocol using an arbitrary user name which is not in /etc/passwd, the forked sshd which is handling this connection crashes with a segmentation violation. The client side encounters an immediate disconnect ("Connection reset by peer").

A while back, I sent in a patch that added Digital Unix SIA authentication to OpenSSH. Well, I just figured out that it didn't handle everything correctly (locked accounts could still log in). I thought I had checked that, but I guess I missed it. Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this. -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator

is this ok? symptom is: debug1: Starting up PAM with username "stevesk" debug1: Trying to reverse map address 127.0.0.1. debug1: PAM setting rhost to "localhost" debug1: Attempting authentication for stevesk. debug1: PAM Password authentication for "stevesk" failed[9]: Authentication failed Failed rsa for stevesk from 127.0.0.1 port 49568 Index: auth1.c

I am writing to report a bug in openssh-2.3.0p1, and to suggest a fix. I have OpenSSH installed on a Solaris 8 box. The output of uname -a is: > SunOS dipper.csi.cam.ac.uk 5.8 Generic_108528-06 sun4u sparc SUNW,Ultra-5_10 OpenSSH was configured with the following options: > ./configure --prefix=/jackdaw --with-default-path=/jackdaw/bin:/usr/bin On this OS, with this configuration, it

I redid my previous OPIE patch for the current ssh tree. It seems to work fine here, and I'ld love to see it merged before the 3.0 release. Wichert. diff -x CVS -wNur ../cvs/other/openssh_cvs/Makefile.in openssh_cvs/Makefile.in --- ../cvs/other/openssh_cvs/Makefile.in Mon Oct 22 02:53:59 2001 +++ openssh_cvs/Makefile.in Sun Nov 4 01:18:19 2001 @@ -50,7 +50,7 @@ SSHOBJS= ssh.o

Hi, the following patch removes some of the Cygwin specific code from OpenSSH. Since Cygwin is able to change the user context on NT/W2K even without a password since the new Cygwin version 1.3.2, there's no need anymore to allow changing the user context only if the sshd user is the same user as the one which logs in or when a password is given. For that reason the whole function

Along with getting pqR to work on Windows, I've also been testing it in the context of embedded R, and in the process have found some problems with the examples given of embedded R use. One problem can be seen in R_ReplDLLinit, in src/main/main.c: void R_ReplDLLinit(void) { SETJMP(R_Toplevel.cjmpbuf); R_GlobalContext = R_ToplevelContext = R_SessionContext = &R_Toplevel;

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

Hello sorry, for bothering you with this problem, but I ca't find solutions. I write small PAM module, and I've got the problem with conversation function with OpenSSH 3.5p1. When the message style is PAM_PROMPT_ECHO_ON, or PAM_PROMPT_ECHO_OFF everything is allright. But when I use PAM_TEXT_INFO, or PAM_ERROR_MSG, ssh prints nothing on the client side. Does anyone know the reason of

Some time ago, Ben wrote about a PrintLastLog patch: > If the person who originally submitted it wants to write a complete > patch and submit it. Then we would be happy to debate if it will be > included. Well, here it is, because: "You Asked For It!" PS: I'm tired of maintaining my own version of Debian's ssh just to have this option available, so I hope you find

Hello. I have a linux-based system that acts as a cvs-server on an NT-domain. The cvs-repository is reached whith ssh. My comments are for version 1.2.2 (debian distribution 1.2.2-1). I made a pam-module for adding users automatically when they have been authorized by the pam_smb_auth. Problem is that sshd checks if the user exists in passwd before going to pam for authorization. I made a