Displaying 20 results from an estimated 4000 matches similar to: "openssh & solaris (part 2)"
2002 Feb 27
0
[Bug 128] New: PAM with ssh authentication and pam_krb5 doesn't work properly
http://bugzilla.mindrot.org/show_bug.cgi?id=128
Summary: PAM with ssh authentication and pam_krb5 doesn't work
properly
Product: Portable OpenSSH
Version: 3.0.2p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo:
2002 Apr 26
0
PAM keyboard-interactive
The following patch (relative to -current) makes PAM a proper
kbd-interactive citizen. There are a few limitations (grep for todo), but
the code seems to work OK for protocols 1 & 2 with and without privsep.
Please have a play!
auth2-pam.c is based on code from FreeBSD.
Index: auth2-chall.c
===================================================================
RCS file:
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the
2002 Jun 25
4
PAM kbd-int with privsep
The following is a patch (based on FreeBSD code) which gets kbd-int
working with privsep. It moves the kbd-int PAM conversation to a child
process and communicates with it over a socket.
The patch has a limitation: it does not handle multiple prompts - I have
no idea how common these are in real-life. Furthermore it is not well
tested at all (despite my many requests on openssh-unix-dev@).
-d
2001 Jun 26
1
OpenSSH 2.9p2 with PAMAuthenticationViaKbdInt
When using PAM to do password authenticaion the attempt/failure counter
appears to be getting confused. This is using a rh62 system with the
openssh-2.9p2-1 rpms...
On the client side...
[matthewm at toadhall (7) matthewm]$ grep Auth /etc/ssh/ssh_config
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
RSAAuthentication no
PubkeyAuthentication yes
2002 Jun 26
0
OpenSSH Security Advisory (adv.iss)
1. Versions affected:
All versions of OpenSSH's sshd between 2.9.9 and 3.3
contain an input validation error that can result in
an integer overflow and privilege escalation.
OpenSSH 3.4 and later are not affected.
OpenSSH 3.2 and later prevent privilege escalation
if UsePrivilegeSeparation is enabled in sshd_config.
OpenSSH 3.3 enables
2002 Jun 26
0
Revised OpenSSH Security Advisory (adv.iss)
This is the 2nd revision of the Advisory.
1. Versions affected:
Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.
All versions between 2.3.1 and 3.3 contain a bug in the
PAMAuthenticationViaKbdInt code.
All versions between 2.9.9 and 3.3
2002 Jun 26
1
Revised OpenSSH Security Advisory (adv.iss)
This is the 2nd revision of the Advisory.
1. Versions affected:
Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.
All versions between 2.3.1 and 3.3 contain a bug in the
PAMAuthenticationViaKbdInt code.
All versions between 2.9.9 and 3.3
2002 Jun 26
2
OpenSSH Security Advisory (adv.iss)
1. Versions affected:
All versions of OpenSSH's sshd between 2.9.9 and 3.3
contain an input validation error that can result in
an integer overflow and privilege escalation.
OpenSSH 3.4 and later are not affected.
OpenSSH 3.2 and later prevent privilege escalation
if UsePrivilegeSeparation is enabled in sshd_config.
OpenSSH 3.3 enables
2002 Jul 01
0
Revised OpenSSH Security Advisory
This is the 4th revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/preauth.adv
1. Versions affected:
Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.
All versions between 2.3.1 and 3.3 contain a bug in the
2002 Jul 01
0
Revised OpenSSH Security Advisory
This is the 4th revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/preauth.adv
1. Versions affected:
Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.
All versions between 2.3.1 and 3.3 contain a bug in the
2002 Feb 27
0
[Bug 127] New: PAM with ssh authentication and pam_krb5 doesn't work properly
http://bugzilla.mindrot.org/show_bug.cgi?id=127
Summary: PAM with ssh authentication and pam_krb5 doesn't work
properly
Product: Portable OpenSSH
Version: 3.0.2p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo:
2003 Jan 08
2
OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS (fwd)
There has not been any mention of this, so..
I'm having hard time trying to figure out whether this is for real or just
a joke. (Anyway, I don't use those possibly vulnerable features myself.)
Any analysis yet?
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R.
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>> >Could we please have a clarification on the semantics of
>> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS?
>>
>> My interpretation is:
>>
>> You call PAM_ESTABLISH_CRED to create them
>> You call PAM_REINITIALIZE_CRED to update creds that can expire over time,
>> for example a kerberos ticket.
Oops. I meant
2002 Feb 27
0
openssh & solaris
while trying to sort out the PAM incompatabilities between openssh 3.0.2p1
and solaris 8 and sun's pam_krb5 i got some things to work. i'm really not
sure where the appropriate place to submit patches is so for now i'm sending
them here.
this patch will allow PAM interoperability when using sun's pam_krb5 without
using the system login routine (this way X forwarding will
2001 Sep 05
2
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>Neither the Sun PAM documentation nor the Linux-PAM documentation
>describe the semantics of PAM_REINITIALIZE_CREDS in any useful detail.
I would agree it is vague, but then that is also a problem with the XSSO
document (http://www.opengroup.org/onlinepubs/008329799/)
>Could we please have a clarification on the semantics of
>PAM_CRED_ESTABLISH vs. the semantics of
2002 Feb 24
0
Sol8/pam_krb5/OpenSSH 3.0.2
with the following pam.conf entries, after being prompted for a login
password the connection is closed:
other auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
the system logs the error:
sshd[4215]: fatal: input_userauth_info_response_pam: no authentication
context
if the pam.conf entry is changed to the
2013 Jan 19
1
PAM function ordering
Dear all,
I've been looking into hacking with some PAM modules, and thought I could
learn from the OpenSSH source (it's probably the closest thing to a
canonical cross-platform consumer of the API).
One thing I've noticed I don't understand though is how OpenSSH's
invocation of do_pam_session/setcred can work (in main of the process
forked in sshd.c). Ignoring privsep for the
2004 Mar 30
2
[Bug 688] PAM modules relying on module-private data (pam_dhkeys, pam_krb5, AFS) fail
http://bugzilla.mindrot.org/show_bug.cgi?id=688
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |822
nThis| |
Status|NEW |ASSIGNED
2001 Feb 10
3
Protocol 2 remote forwarding patch
Hi all,
I'm very new in this list, as looking for codes to plug up the lack of
functionality of "Protocol 2 Remote Forwardig".
Fortunately, I could find it in MARC's archive. Mr. Jarno Huuskonen
posted the codes in Sept, last year, and I tried applying it to my
FreeBSD box environment.
I couldn't apply an original patch, of course, for incompatibility of
virsion. The