Displaying 20 results from an estimated 4000 matches similar to: "[Bug 128] New: PAM with ssh authentication and pam_krb5 doesn't work properly"
2002 Feb 27
0
openssh & solaris (part 2)
this patch will allow PAM authentication when using sun's pam_krb5 before
pam_unix in the PAM stack. without this patch a pam.conf entry like:
sshd auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1
sshd auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
would fail with the error "input_userauth_info_response_pam: no
authentication context".
NOTE: when
2002 Apr 26
0
PAM keyboard-interactive
The following patch (relative to -current) makes PAM a proper
kbd-interactive citizen. There are a few limitations (grep for todo), but
the code seems to work OK for protocols 1 & 2 with and without privsep.
Please have a play!
auth2-pam.c is based on code from FreeBSD.
Index: auth2-chall.c
===================================================================
RCS file:
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the
2002 Jun 25
4
PAM kbd-int with privsep
The following is a patch (based on FreeBSD code) which gets kbd-int
working with privsep. It moves the kbd-int PAM conversation to a child
process and communicates with it over a socket.
The patch has a limitation: it does not handle multiple prompts - I have
no idea how common these are in real-life. Furthermore it is not well
tested at all (despite my many requests on openssh-unix-dev@).
-d
2001 Jun 26
1
OpenSSH 2.9p2 with PAMAuthenticationViaKbdInt
When using PAM to do password authenticaion the attempt/failure counter
appears to be getting confused. This is using a rh62 system with the
openssh-2.9p2-1 rpms...
On the client side...
[matthewm at toadhall (7) matthewm]$ grep Auth /etc/ssh/ssh_config
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
RSAAuthentication no
PubkeyAuthentication yes
2002 Jun 26
0
OpenSSH Security Advisory (adv.iss)
1. Versions affected:
All versions of OpenSSH's sshd between 2.9.9 and 3.3
contain an input validation error that can result in
an integer overflow and privilege escalation.
OpenSSH 3.4 and later are not affected.
OpenSSH 3.2 and later prevent privilege escalation
if UsePrivilegeSeparation is enabled in sshd_config.
OpenSSH 3.3 enables
2002 Jun 26
0
Revised OpenSSH Security Advisory (adv.iss)
This is the 2nd revision of the Advisory.
1. Versions affected:
Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.
All versions between 2.3.1 and 3.3 contain a bug in the
PAMAuthenticationViaKbdInt code.
All versions between 2.9.9 and 3.3
2002 Jun 26
1
Revised OpenSSH Security Advisory (adv.iss)
This is the 2nd revision of the Advisory.
1. Versions affected:
Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.
All versions between 2.3.1 and 3.3 contain a bug in the
PAMAuthenticationViaKbdInt code.
All versions between 2.9.9 and 3.3
2002 Jun 26
2
OpenSSH Security Advisory (adv.iss)
1. Versions affected:
All versions of OpenSSH's sshd between 2.9.9 and 3.3
contain an input validation error that can result in
an integer overflow and privilege escalation.
OpenSSH 3.4 and later are not affected.
OpenSSH 3.2 and later prevent privilege escalation
if UsePrivilegeSeparation is enabled in sshd_config.
OpenSSH 3.3 enables
2002 Jul 01
0
Revised OpenSSH Security Advisory
This is the 4th revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/preauth.adv
1. Versions affected:
Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.
All versions between 2.3.1 and 3.3 contain a bug in the
2002 Jul 01
0
Revised OpenSSH Security Advisory
This is the 4th revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/preauth.adv
1. Versions affected:
Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3
contain an input validation error that can result in an
integer overflow and privilege escalation.
All versions between 2.3.1 and 3.3 contain a bug in the
2002 Feb 27
0
[Bug 127] New: PAM with ssh authentication and pam_krb5 doesn't work properly
http://bugzilla.mindrot.org/show_bug.cgi?id=127
Summary: PAM with ssh authentication and pam_krb5 doesn't work
properly
Product: Portable OpenSSH
Version: 3.0.2p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo:
2002 Feb 24
0
Sol8/pam_krb5/OpenSSH 3.0.2
with the following pam.conf entries, after being prompted for a login
password the connection is closed:
other auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1
other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
the system logs the error:
sshd[4215]: fatal: input_userauth_info_response_pam: no authentication
context
if the pam.conf entry is changed to the
2002 Feb 27
0
[Bug 129] New: PAM with ssh authentication fails treat PAM_NEW_AUTHTOK_REQD properly
http://bugzilla.mindrot.org/show_bug.cgi?id=129
Summary: PAM with ssh authentication fails treat
PAM_NEW_AUTHTOK_REQD properly
Product: Portable OpenSSH
Version: 3.0.2p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
2003 Jan 08
2
OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS (fwd)
There has not been any mention of this, so..
I'm having hard time trying to figure out whether this is for real or just
a joke. (Anyway, I don't use those possibly vulnerable features myself.)
Any analysis yet?
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R.
2003 Jan 07
0
[Bug 128] PAM with ssh authentication and pam_krb5 doesn't work properly
http://bugzilla.mindrot.org/show_bug.cgi?id=128
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |DUPLICATE
------- Additional Comments From djm at mindrot.org 2003-01-07 17:58
2001 Feb 10
3
Protocol 2 remote forwarding patch
Hi all,
I'm very new in this list, as looking for codes to plug up the lack of
functionality of "Protocol 2 Remote Forwardig".
Fortunately, I could find it in MARC's archive. Mr. Jarno Huuskonen
posted the codes in Sept, last year, and I tried applying it to my
FreeBSD box environment.
I couldn't apply an original patch, of course, for incompatibility of
virsion. The
2004 Jan 25
1
Puzzled about PAM support in OpenSSH-3.7.1p2
I'm trying to understand the code around PAM support in auth2.c and
auth2-chall.c. I'm working with the OpenSSH 3.7.1p2 sources on
FreeBSD 4.x. The scenario I'm trying to make work is SSH login to a
captive accout for users in a RADIUS database but whose login does not
appear in /etc/passwd or getpwnam().
I understand that if the username is not found in getpwnam(), then the
2002 Feb 02
1
openssh-3.0.2p1 BUGs
Hello,
I looked through the latest stable version of openssh
(3.0.2p1) and found a number of items that concerned
me. I'm not terribly familiar with the coding, so
patches are probably better left to someone else.
Anyways, here a list of issues that I think someone
should look at.
Cheers,
Steve Grubb
--------
File Line Description
Channels.c 1195 If nc == NULL, this line segfaults.
Test
2000 Aug 23
1
Protocol 2 remote forwarding patch
Hi !
Here's a patch to add remote port forwarding support (protocol 2) for
openssh. I have tried to test that it works like it should but a more
thorough testing is needed. This patch adds both client/server support.
The patch should be applied to openssh-2.1.1p4 source tree.
Also included is a PortForwarding sshd_config option, new ./configure
option --disable-forwarding that should make it