Displaying 20 results from an estimated 400 matches similar to: "[Bug 228] New: pam_krb5 on Solaris creates credentials with wrong owner"
2002 Feb 15
1
IRIX cleanup.
Can I get someone from the IRIX group to apply this patch to the
3.0.2pX release and reconfigure/compile. I'm trying to clean out
do_child() in perparation of a larger patch to that part of the code.
Also if someone could give me the hint for the right compiler magic
to wrap the code in instead of what I'm doing now. I'd be thankful.
Thanks
- Ben
diff -urN
2000 Nov 10
0
Irix job limits patch
I've finished the 2.3 patch for Irix job limits. It's a bit longer than
a couple of lines. The bulk of the patch changes the configuration files to
enable the job limits support on Irix. The meat of the change is in
session.c where the new job containter is created at the same point as the
other Irix specific actions.
- Dennis
--- config.h.in Sun Nov 5 21:25:18 2000
+++ config.h.in
2005 May 12
0
[PATCH] Trusted IRIX Support
I developed a better prototype quicker than I expected.
Please provide feedback. It's been a few years since I've used autoconf,
so I'm not certain the new defines were integrated correctly.
Jason
diff -r -C3 openssh-4.0p1/acconfig.h openssh-4.0p1.trix/acconfig.h
*** openssh-4.0p1/acconfig.h Fri Feb 25 17:07:38 2005
--- openssh-4.0p1.trix/acconfig.h Thu May 12 10:32:25
2002 Mar 07
1
Irix joblimits failure (was: Re: New snapshot)
IRIX has a compatibility mechanism that lets you test for optional symbols (like jlimit_start) at run-time. I think these patches will let all all IRIX 6.5 systems build images that will test for job limit support dynamically:
--- ./configure.ac Wed Feb 27 01:12:35 2002
+++ ../openssh-3.1p1/./configure.ac Thu Mar 7 15:50:21 2002
@@ -115,7 +115,7 @@
AC_DEFINE(WITH_IRIX_ARRAY)
2003 May 26
1
[patch] port-irix.c: refine jlimit support
--- openbsd-compat/port-irix.c.orig 2002-04-07 03:58:33.000000000 +0900
+++ openbsd-compat/port-irix.c 2003-05-27 02:11:07.620000380 +0900
@@ -7,6 +7,12 @@
#endif /* WITH_IRIX_PROJECT */
#ifdef WITH_IRIX_JOBS
#include <sys/resource.h>
+#include <optional_sym.h>
+# if !defined(JLIMIT_CPU)
+typedef __int64_t jid_t;
+extern jid_t jlimit_startjob(char *, uid_t, char *);
+# pragma
2002 Oct 21
0
[Bug 419] New: HP-UX PAM problems with 3.5p1
http://bugzilla.mindrot.org/show_bug.cgi?id=419
Summary: HP-UX PAM problems with 3.5p1
Product: Portable OpenSSH
Version: -current
Platform: HPPA
OS/Version: HP-UX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy:
2002 Jul 16
2
HP-UX PAM with Trusted System patch
I'm fairly new to the list and new to submitting patches. Can someone
please verify the attached patch for running a HP-UX Trusted System with
PAM and OpenSSH 3.4p1? The problem seemed to be that pam couldn't verify
the user via __pamh after the call to permanently_set_uid in session.c.
So I called do_pam_session prior to the call and added a function
do_pam_set_tty in order to set the
2001 Sep 06
0
line_abbrevname patch
Once upon a time there were two places in the loginrec code that were
ifdef'd sgi and which stripped the "tty" off the line along with the
"dev" when recording utmp. (Specifically it was being done in
line_stripname and line_abbrevname.) Doing that in line_stripname was
wrong, because it broke things like wall that expected the ut_line to
have the "tty" present.
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
Hello All.
Attached is an update to my previous patch to make do_pam_chauthtok and
privsep play nicely together.
First, a question: does anybody care about these or the password
expiration patches?
Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after
the pty has been allocated but before it's made the controlling tty.
This allows the child running chauthtok to
2002 Jun 28
3
AIX usrinfo() cleanup.
Can we do this? Or should we drop the whole char *tty; ? There will
be no way of setting the TTY= correctly while using privsep (Mainly for
multiple streams over single session).
The only thing we really could do is do:
In do_setusercontext()
if (use_privsep)
aix_usrinfo(pw, NULL);
and back in the old spot put:
if (!use_privsep)
aix_usrinfo(pw, s->ttyfd == -1 ? NULL : s->tty);
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
Hi All.
Attached is a patch that implements password expiry with PAM and
privsep. It works by passing a descriptor to the tty to the monitor,
which sets up a child with that tty as stdin/stdout/stderr, then runs
chauthtok(). No setuid helpers.
I used some parts of Michael Steffens' patch (bugid #423) to make it
work on HP-UX.
It's still rough but it works. Tested on Solaris 8 and
2002 Jun 25
1
PrivSep and AIX 4.3.2
With 3.3p1 built on AIX 4.3.2:
$ ssh [blah]
Couldn't set usrinfo: Not owner
debug1: Calling cleanup 0x20019080(0x200219a0)
debug3: mm_request_send entering: type 27
debug1: Calling cleanup 0x20018dd4(0x0)
Connection to songohan closed by remote host.
Connection to songohan closed.
Output from sshd -d -d -d:
...
debug3: tty_parse_modes: 92 0
debug3: tty_parse_modes: 93 0
2005 Sep 19
1
ssh hangs or gives Segmentation fault
Details of installation attached.
Effect: when I build and test (with full path names) ssh in the openssh...
directory, everything works fine. When I "install" it as per attached file
into a test-directory and run it from there, there are 2 phenomena:
either it just hangs, eating 96% of CPU
or it dies with a Segmentation fault (this is what happens most often)
Help needed
2000 Jun 21
0
IRIX patches
The attached patch adds support for array sessions, project id's, and
system audit trail id. Arrays are available at least on UNICOS in
addition to IRIX. The project id & audit stuff is IRIX specific.
Otherwise, the IRIX support in the current OpenSSHp looks good. (There
were some utmp/wtmp oddities, but I think they've gone away in the
latest release.)
--
Mike Stone
--------------
2002 Apr 22
0
PAM on Solaris
I have been having problems with openssh and PAM on my Solaris 8 box. I needed
to use pam_krb5, and I always got the wrong owner on my credentials file
/tmp/krb5cc_xxxx. The owner became root...
It seems to me that the settings of uid should be before actually calling
pam_setcred() in session.c, and when I do change around those lines, it
started to work.
From what I can see this is not
2000 Nov 14
14
New snapshot
I have just uploaded a new snapshot to:
http://www.mindrot.org/misc/openssh/openssh-SNAP-20001114.tar.gz
This snapshot includes Markus Friedl's new SSH2 RSA authentication work
and -R portforwarding for SSH2. Please give these a good test.
The new RSA authentications works similar to the current SSH2 DSA keys,
but requires a little modification to config files. Currently RSA
key cannot be
2002 Feb 20
11
Call for testing.
Recently we made somemajor changes to do_child() in
OpenSSH -current. Those changes included splitting it up
into smaller chunks to help with readability and also to
extract out IRIX and AIX specific code to reduce the number
of lines in our diffs against the OpenSSH tree.
I need people to do some testing on different platforms to ensure
that all the right #ifdef/#endif bits got put back in
2001 Jan 03
1
chroot.diff
Hi there, everyone;
I've had a few requests for an updated version of my chroot patch. (the
version found in contrib is outdated)
So, here it goes, updated to 2.3.0p1; "chroot.diff" is a plain diff for
session.c (apply, compile and go). "chroot+configure.diff" is the same
patch, plus an option to "configure" for enabling/disabling chroot support
(./configure
2003 Jan 07
2
[Bug 127] PAM with ssh authentication and pam_krb5 doesn't work properly
http://bugzilla.mindrot.org/show_bug.cgi?id=127
------- Additional Comments From djm at mindrot.org 2003-01-07 17:13 -------
This fix is incorrect - the creds (which are often supplemental groups) need to
be restablished after initgroups(), which we call elsewhere.
Does the PAM module not support restablishing credentials?
------- You are receiving this mail because: -------
You are the
2005 Nov 03
2
Question about GSSAPI with OpenSSH 4.2p1
Hey all, perhaps someone might be able to shed a little light on this
problem. Nothing I find in books and groups seem to address the
problem. I'm trying to set up a series of connections with ssh that
authenticate through GSSAPI. However, it seems that the credentials are
not getting passed.
>From the client..
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a