similar to: Possible issue with PAM/OpenSSH?

Displaying 20 results from an estimated 3000 matches similar to: "Possible issue with PAM/OpenSSH?"

2001 Jul 19
0
Fwd:Re:Announce: Building and Deploying OpenSSH on the Solar (fwd)
I figured I'd forward this on in case someone needs a Sun article talking about OpenSSH deployment. - Ben ---------- Forwarded message ---------- Date: Thu, 19 Jul 2001 09:38:35 -0400 From: Alex Noordergraaf <alex.noordergraaf at sun.com> To: Focus on Sun Mailing List <FOCUS-SUN at securityfocus.com> Subject: Announce: Building and Deploying OpenSSH on the Solaris OE A
2002 Mar 26
2
SSH / PAM / Kerberos / password aging
Ok, so, things are complicated. The PAM standard insists on password aging being done after account authorization, which comes after user authentication. Kerberos can't authenticate users whose passwords are expired. So PAM_KRB5 implementations tend to return PAM_SUCCESS from pam_krb5:pam_sm_authenticate() and arrange for pam_krb5:pam_sm_acct_mgmt() to return PAM_NEW_AUTHTOK_REQD, as
2001 Oct 25
3
PAM conversation stuff
Okay, I'm confused again. They way you guys are talking about the conversation routine, it would seem that you think it is a way to fetch something from the user - like a new password. Is this possible? Does calling pam_chauthtok() cause the underlying pam_sm_chauthtok() eventually print something on stdout and read a new password from stdin (the socket to the client) using the conversation
2003 Dec 07
0
[PATCH] Do PAM chauthtok via keyboard-interactive.
Hi All. Attached is another patch that attempts to do pam_chauthtok() via SSH2 keyboard-interactive authentication. It now passes the results from the authentication thread back to the monitor (based on a suggestion from djm). Because of this, it doesn't call do_pam_account twice and consequently now works on AIX 5.2, which the previous version didn't. I haven't tested it on any
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",
2005 Mar 22
3
PAM fails to change user password
Hi, freebsd-security. I have FreeBSD 5.3-STABLE. When I try to change user's password (via passwd) I recieve the following: passwd: entry inconsistent passwd: pam_chauthtok(): error in service module passwd: in pam_sm_chauthtok(): pw_copy() failed and password stays unchanged. There are no other errors in the authorization system at all. Contents of /etc/pam.d stayed unchanged (compared to
2011 Apr 16
0
[LLVMdev] [Fwd: Re: [Fwd: Regarding alias analysis pass]]
---------------------------- Original Message ---------------------------- Subject: [Fwd: Re: [Fwd: Regarding alias analysis pass]] From: netra at cse.iitb.ac.in Date: Sat, April 16, 2011 8:38 am To: -------------------------------------------------------------------------- Hi, Actually i wanted to study the kind of aliases recognized by basicaa pass. aa-eval only gives the # of aliases
2000 Oct 11
1
Expired passwords & PAM
Currently, OpenSSH prints the message: "Warning: You password has expired, please change it now" if the password has expired. It would be nice if the user could/had to change password before continuing, like with Linux console login. I've tried to make an patch, but it doesn't work. Ideas? --- auth-pam.c.org Wed Oct 11 18:03:43 2000 +++ auth-pam.c Wed Oct 11 18:03:44
2011 Apr 16
1
[LLVMdev] [Fwd: Re: [Fwd: Regarding Inter Procedural Constant Propagation]]
Hi, I used the following commands on the program attached below: llvm-gcc --emit-llvm main.c -c -o main.bc opt -ipconstprop main.bc -o main1.bc diff main.bc main1.bc no difference was o/p :( The Program Segment is as shown below: #include <stdio.h> void f1(int a) { a=a+1; printf("%d",a); } void f2() { int b; b=1; f1(b); } int main() { int
2002 Mar 26
0
[Bug 188] New: pam_chauthtok() is called too late
http://bugzilla.mindrot.org/show_bug.cgi?id=188 Summary: pam_chauthtok() is called too late Product: Portable OpenSSH Version: 3.1p1 Platform: Other OS/Version: All Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:
2003 Jan 24
0
[Bug 473] New: cannot update password using PAM on HP-UX system that has been tsconverted
http://bugzilla.mindrot.org/show_bug.cgi?id=473 Summary: cannot update password using PAM on HP-UX system that has been tsconverted Product: Portable OpenSSH Version: older versions Platform: All OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All. This patch calls pam_chauthtok() to change an expired password via PAM during keyboard-interactive authentication (SSHv2 only). It is tested on Redhat 8 and Solaris 8. In theory, it should have simply been a matter of calling pam_chauthtok with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is if it's expired, right? From the Solaris pam_chauthtok man page:
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
Hi All. Attached is a patch that converts pam_chauthtok_conv into a generic pam_tty_conv, which is used rather than null_conv for do_pam_session. This allows, for example, display of messages from PAM session modules. The accumulation of PAM messages into loginmsg won't help until there is a way to collect loginmsg from the monitor (see, eg, the patches for bug #463). This is because the
2004 Dec 28
2
LinuxPAM and sshd: changing conversation function doesn't work but claims to.
Hi. I'm one of the OpenSSH developers, and I've done some of the work on sshd's PAM interface recently. I've discovered some behaviour peculiar to LinuxPAM that I can't explain: changing the conversation function does not appear to work, even though the pam_set_item() call claims to succeed. The previous conversation function is still called. Background: the PAM API
2006 Mar 08
2
INSTALLING CENTOS SPARC
I'm trying to install CentOS SPARC on a Netra T1, but it boots from disk and i want to know how to enter the bios and set up that boots from cdrom. The other problem i have is that when the Netra T1 is booting it gets stuck when makes a NIS request, and says "Time out for NIS to come up". I know this problem doesn't have relation with CentOS but if somebody has installed CentOS
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and
2013 Sep 06
0
[fdo] Is it good place to announce about new projects?
This question appeared after i noticed, that huge amount of projects, most of which was not known to me before, have own lists. Before that i registered in xdg list thinking, that it is good to announce new projects (i even sent ther posts about two tools ? window-docker and fdopenres). They are too small imho, to dedicate lists for them, and as for first ? i don't know, what is better
2003 Nov 13
0
[PATCH] Perform do_pam_chauthtok via SSH2 keyboard-interactive.
Hi All. Attached is a patch to perform pam_chauthtok via SSH2 keyboard-interactive. It should be simpler, but since Solaris seems to ignore the CHANGE_EXPIRED_AUTHTOK flag, it calls do_pam_account to check if it's expired. To minimise the change in behaviour, it also caches the result so pam_acct_mgmt still only gets called once. This doesn't seem to work on AIX 5.2, I don't know
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The
2001 Oct 31
3
2.9.9p2 and Solaris-2.8 PAM: Cannot delete credentials[7]: Permission denied
The 2 errors: pam_setcred: error Permission denied Cannot delete credentials[7]: Permission denied Looks to be a major bug in the PAM module for Solaris-2.8/2.7/2.6. Has anyone from the list (developers of OpenSSH, endusers, hackers, etc.) came up w/ a solution? Even a temporary one? When authenticating yourself on the same system that worked, but when authenticating to another system failed. I