similar to: [Bug 228] New: pam_krb5 on Solaris creates credentials with wrong owner

Can I get someone from the IRIX group to apply this patch to the 3.0.2pX release and reconfigure/compile. I'm trying to clean out do_child() in perparation of a larger patch to that part of the code. Also if someone could give me the hint for the right compiler magic to wrap the code in instead of what I'm doing now. I'd be thankful. Thanks - Ben diff -urN

I've finished the 2.3 patch for Irix job limits. It's a bit longer than a couple of lines. The bulk of the patch changes the configuration files to enable the job limits support on Irix. The meat of the change is in session.c where the new job containter is created at the same point as the other Irix specific actions. - Dennis --- config.h.in Sun Nov 5 21:25:18 2000 +++ config.h.in

I developed a better prototype quicker than I expected. Please provide feedback. It's been a few years since I've used autoconf, so I'm not certain the new defines were integrated correctly. Jason diff -r -C3 openssh-4.0p1/acconfig.h openssh-4.0p1.trix/acconfig.h *** openssh-4.0p1/acconfig.h Fri Feb 25 17:07:38 2005 --- openssh-4.0p1.trix/acconfig.h Thu May 12 10:32:25

IRIX has a compatibility mechanism that lets you test for optional symbols (like jlimit_start) at run-time. I think these patches will let all all IRIX 6.5 systems build images that will test for job limit support dynamically: --- ./configure.ac Wed Feb 27 01:12:35 2002 +++ ../openssh-3.1p1/./configure.ac Thu Mar 7 15:50:21 2002 @@ -115,7 +115,7 @@ AC_DEFINE(WITH_IRIX_ARRAY)

--- openbsd-compat/port-irix.c.orig 2002-04-07 03:58:33.000000000 +0900 +++ openbsd-compat/port-irix.c 2003-05-27 02:11:07.620000380 +0900 @@ -7,6 +7,12 @@ #endif /* WITH_IRIX_PROJECT */ #ifdef WITH_IRIX_JOBS #include <sys/resource.h> +#include <optional_sym.h> +# if !defined(JLIMIT_CPU) +typedef __int64_t jid_t; +extern jid_t jlimit_startjob(char *, uid_t, char *); +# pragma

http://bugzilla.mindrot.org/show_bug.cgi?id=419 Summary: HP-UX PAM problems with 3.5p1 Product: Portable OpenSSH Version: -current Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

I'm fairly new to the list and new to submitting patches. Can someone please verify the attached patch for running a HP-UX Trusted System with PAM and OpenSSH 3.4p1? The problem seemed to be that pam couldn't verify the user via __pamh after the call to permanently_set_uid in session.c. So I called do_pam_session prior to the call and added a function do_pam_set_tty in order to set the

Once upon a time there were two places in the loginrec code that were ifdef'd sgi and which stripped the "tty" off the line along with the "dev" when recording utmp. (Specifically it was being done in line_stripname and line_abbrevname.) Doing that in line_stripname was wrong, because it broke things like wall that expected the ut_line to have the "tty" present.

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

Can we do this? Or should we drop the whole char *tty; ? There will be no way of setting the TTY= correctly while using privsep (Mainly for multiple streams over single session). The only thing we really could do is do: In do_setusercontext() if (use_privsep) aix_usrinfo(pw, NULL); and back in the old spot put: if (!use_privsep) aix_usrinfo(pw, s->ttyfd == -1 ? NULL : s->tty);

Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and

With 3.3p1 built on AIX 4.3.2: $ ssh [blah] Couldn't set usrinfo: Not owner debug1: Calling cleanup 0x20019080(0x200219a0) debug3: mm_request_send entering: type 27 debug1: Calling cleanup 0x20018dd4(0x0) Connection to songohan closed by remote host. Connection to songohan closed. Output from sshd -d -d -d: ... debug3: tty_parse_modes: 92 0 debug3: tty_parse_modes: 93 0

Details of installation attached. Effect: when I build and test (with full path names) ssh in the openssh... directory, everything works fine. When I "install" it as per attached file into a test-directory and run it from there, there are 2 phenomena: either it just hangs, eating 96% of CPU or it dies with a Segmentation fault (this is what happens most often) Help needed

The attached patch adds support for array sessions, project id's, and system audit trail id. Arrays are available at least on UNICOS in addition to IRIX. The project id & audit stuff is IRIX specific. Otherwise, the IRIX support in the current OpenSSHp looks good. (There were some utmp/wtmp oddities, but I think they've gone away in the latest release.) -- Mike Stone --------------

I have been having problems with openssh and PAM on my Solaris 8 box. I needed to use pam_krb5, and I always got the wrong owner on my credentials file /tmp/krb5cc_xxxx. The owner became root... It seems to me that the settings of uid should be before actually calling pam_setcred() in session.c, and when I do change around those lines, it started to work. From what I can see this is not

I have just uploaded a new snapshot to: http://www.mindrot.org/misc/openssh/openssh-SNAP-20001114.tar.gz This snapshot includes Markus Friedl's new SSH2 RSA authentication work and -R portforwarding for SSH2. Please give these a good test. The new RSA authentications works similar to the current SSH2 DSA keys, but requires a little modification to config files. Currently RSA key cannot be

Recently we made somemajor changes to do_child() in OpenSSH -current. Those changes included splitting it up into smaller chunks to help with readability and also to extract out IRIX and AIX specific code to reduce the number of lines in our diffs against the OpenSSH tree. I need people to do some testing on different platforms to ensure that all the right #ifdef/#endif bits got put back in

Hi there, everyone; I've had a few requests for an updated version of my chroot patch. (the version found in contrib is outdated) So, here it goes, updated to 2.3.0p1; "chroot.diff" is a plain diff for session.c (apply, compile and go). "chroot+configure.diff" is the same patch, plus an option to "configure" for enabling/disabling chroot support (./configure

http://bugzilla.mindrot.org/show_bug.cgi?id=127 ------- Additional Comments From djm at mindrot.org 2003-01-07 17:13 ------- This fix is incorrect - the creds (which are often supplemental groups) need to be restablished after initgroups(), which we call elsewhere. Does the PAM module not support restablishing credentials? ------- You are receiving this mail because: ------- You are the

Hey all, perhaps someone might be able to shed a little light on this problem. Nothing I find in books and groups seem to address the problem. I'm trying to set up a series of connections with ssh that authenticate through GSSAPI. However, it seems that the credentials are not getting passed. >From the client.. debug1: Next authentication method: gssapi-with-mic debug2: we sent a