Displaying 20 results from an estimated 3000 matches similar to: "Possible issue with PAM/OpenSSH?"
2001 Jul 19
0
Fwd:Re:Announce: Building and Deploying OpenSSH on the Solar (fwd)
I figured I'd forward this on in case someone needs a Sun article talking
about OpenSSH deployment.
- Ben
---------- Forwarded message ----------
Date: Thu, 19 Jul 2001 09:38:35 -0400
From: Alex Noordergraaf <alex.noordergraaf at sun.com>
To: Focus on Sun Mailing List <FOCUS-SUN at securityfocus.com>
Subject: Announce: Building and Deploying OpenSSH on the Solaris OE
A
2002 Mar 26
2
SSH / PAM / Kerberos / password aging
Ok, so, things are complicated.
The PAM standard insists on password aging being done after account
authorization, which comes after user authentication. Kerberos can't
authenticate users whose passwords are expired.
So PAM_KRB5 implementations tend to return PAM_SUCCESS from
pam_krb5:pam_sm_authenticate() and arrange for pam_krb5:pam_sm_acct_mgmt()
to return PAM_NEW_AUTHTOK_REQD, as
2001 Oct 25
3
PAM conversation stuff
Okay, I'm confused again. They way you guys are talking about the
conversation routine, it would seem that you think it is a way to fetch
something from the user - like a new password. Is this possible? Does
calling pam_chauthtok() cause the underlying pam_sm_chauthtok()
eventually print something on stdout and read a new password from stdin
(the socket to the client) using the conversation
2003 Dec 07
0
[PATCH] Do PAM chauthtok via keyboard-interactive.
Hi All.
Attached is another patch that attempts to do pam_chauthtok() via SSH2
keyboard-interactive authentication. It now passes the results from the
authentication thread back to the monitor (based on a suggestion from
djm).
Because of this, it doesn't call do_pam_account twice and consequently
now works on AIX 5.2, which the previous version didn't. I haven't tested
it on any
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
2005 Mar 22
3
PAM fails to change user password
Hi, freebsd-security.
I have FreeBSD 5.3-STABLE.
When I try to change user's password (via passwd) I recieve the
following:
passwd: entry inconsistent
passwd: pam_chauthtok(): error in service module
passwd: in pam_sm_chauthtok(): pw_copy() failed
and password stays unchanged.
There are no other errors in the authorization system at all.
Contents of /etc/pam.d stayed unchanged (compared to
2011 Apr 16
0
[LLVMdev] [Fwd: Re: [Fwd: Regarding alias analysis pass]]
---------------------------- Original Message ----------------------------
Subject: [Fwd: Re: [Fwd: Regarding alias analysis pass]]
From: netra at cse.iitb.ac.in
Date: Sat, April 16, 2011 8:38 am
To:
--------------------------------------------------------------------------
Hi,
Actually i wanted to study the kind of aliases recognized by basicaa pass.
aa-eval only gives the # of aliases
2000 Oct 11
1
Expired passwords & PAM
Currently, OpenSSH prints the message:
"Warning: You password has expired, please change it now"
if the password has expired. It would be nice if the user could/had to
change password before continuing, like with Linux console login. I've
tried to make an patch, but it doesn't work. Ideas?
--- auth-pam.c.org Wed Oct 11 18:03:43 2000
+++ auth-pam.c Wed Oct 11 18:03:44
2011 Apr 16
1
[LLVMdev] [Fwd: Re: [Fwd: Regarding Inter Procedural Constant Propagation]]
Hi,
I used the following commands on the program attached below:
llvm-gcc --emit-llvm main.c -c -o main.bc
opt -ipconstprop main.bc -o main1.bc
diff main.bc main1.bc
no difference was o/p :(
The Program Segment is as shown below:
#include <stdio.h>
void f1(int a)
{
a=a+1;
printf("%d",a);
}
void f2()
{
int b;
b=1;
f1(b);
}
int main()
{
int
2002 Mar 26
0
[Bug 188] New: pam_chauthtok() is called too late
http://bugzilla.mindrot.org/show_bug.cgi?id=188
Summary: pam_chauthtok() is called too late
Product: Portable OpenSSH
Version: 3.1p1
Platform: Other
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy:
2003 Jan 24
0
[Bug 473] New: cannot update password using PAM on HP-UX system that has been tsconverted
http://bugzilla.mindrot.org/show_bug.cgi?id=473
Summary: cannot update password using PAM on HP-UX system that
has been tsconverted
Product: Portable OpenSSH
Version: older versions
Platform: All
OS/Version: HP-UX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All.
This patch calls pam_chauthtok() to change an expired password via PAM
during keyboard-interactive authentication (SSHv2 only). It is tested on
Redhat 8 and Solaris 8.
In theory, it should have simply been a matter of calling pam_chauthtok
with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is
if it's expired, right? From the Solaris pam_chauthtok man page:
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
Hi All.
Attached is a patch that converts pam_chauthtok_conv into a generic
pam_tty_conv, which is used rather than null_conv for do_pam_session.
This allows, for example, display of messages from PAM session modules.
The accumulation of PAM messages into loginmsg won't help until there is
a way to collect loginmsg from the monitor (see, eg, the patches for bug
#463). This is because the
2004 Dec 28
2
LinuxPAM and sshd: changing conversation function doesn't work but claims to.
Hi.
I'm one of the OpenSSH developers, and I've done some of the work on
sshd's PAM interface recently.
I've discovered some behaviour peculiar to LinuxPAM that I can't
explain: changing the conversation function does not appear to work,
even though the pam_set_item() call claims to succeed. The previous
conversation function is still called.
Background: the PAM API
2006 Mar 08
2
INSTALLING CENTOS SPARC
I'm trying to install CentOS SPARC on a Netra T1, but it boots from disk and i want to know how to enter the bios and set up that boots from cdrom. The other problem i have is that when the Netra T1 is booting it gets stuck when makes a NIS request, and says "Time out for NIS to come up".
I know this problem doesn't have relation with CentOS but if somebody has installed CentOS
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
Hi All.
Attached is a patch that implements password expiry with PAM and
privsep. It works by passing a descriptor to the tty to the monitor,
which sets up a child with that tty as stdin/stdout/stderr, then runs
chauthtok(). No setuid helpers.
I used some parts of Michael Steffens' patch (bugid #423) to make it
work on HP-UX.
It's still rough but it works. Tested on Solaris 8 and
2013 Sep 06
0
[fdo] Is it good place to announce about new projects?
This question appeared after i noticed, that huge amount of projects, most of
which was not known to me before, have own lists.
Before that i registered in xdg list thinking, that it is good to announce new
projects (i even sent ther posts about two tools ? window-docker and
fdopenres). They are too small imho, to dedicate lists for them, and as for
first ? i don't know, what is better
2003 Nov 13
0
[PATCH] Perform do_pam_chauthtok via SSH2 keyboard-interactive.
Hi All.
Attached is a patch to perform pam_chauthtok via SSH2
keyboard-interactive. It should be simpler, but since Solaris seems to
ignore the CHANGE_EXPIRED_AUTHTOK flag, it calls do_pam_account to check
if it's expired. To minimise the change in behaviour, it also caches the
result so pam_acct_mgmt still only gets called once.
This doesn't seem to work on AIX 5.2, I don't know
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes
PAM authentication take place in a separate process or thread
(launched from sshpam_init_ctx() in auth-pam.c). By default (if you
don't define USE_POSIX_THREADS) the code "fork"s a separate process.
Or if you define USE_POSIX_THREADS it will create a new thread (a
second one, in addition to the primary thread).
The
2001 Oct 31
3
2.9.9p2 and Solaris-2.8 PAM: Cannot delete credentials[7]: Permission denied
The 2 errors:
pam_setcred: error Permission denied
Cannot delete credentials[7]: Permission denied
Looks to be a major bug in the PAM module for Solaris-2.8/2.7/2.6.
Has anyone from the list (developers of OpenSSH, endusers, hackers, etc.)
came up w/ a solution? Even a temporary one?
When authenticating yourself on the same system that worked, but when
authenticating to another system failed. I