similar to: pam_limits module bug and its effects on pam applications

Hi, I have an account server with many users. It uses pam_limits module to limit memory usage etc. The problem is that sometimes SSH rejects connection after the password is entered. In syslog it prints something like "fork: Resource temporary unavailable". After killing some root processes it works perfectly. Perhaps the daemon first sets process limits and then switches to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 openssh-1.2.1pre23 is available on: http://violet.ibs.com.au/openssh/files/ Highlights of this release: - - A cleanup of the PAM code (it now lives in auth-pam.[ch]). This also fixes a bug where sshd was ignoring a "PermitRootLogin without-password" directive. - - David Randkin's SOCKS support using the Dante libraries. I have not

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 openssh-1.2.1pre23 is available on: http://violet.ibs.com.au/openssh/files/ Highlights of this release: - - A cleanup of the PAM code (it now lives in auth-pam.[ch]). This also fixes a bug where sshd was ignoring a "PermitRootLogin without-password" directive. - - David Randkin's SOCKS support using the Dante libraries. I have not

http://bugzilla.mindrot.org/show_bug.cgi?id=1339 Summary: pam_dhkeys doesn't work (PAM_REINITIALIZE_CRED without PAM_ESTABLISH_CRED) Product: Portable OpenSSH Version: 4.6p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: PAM support

http://bugzilla.mindrot.org/show_bug.cgi?id=419 Summary: HP-UX PAM problems with 3.5p1 Product: Portable OpenSSH Version: -current Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

I've attached two patches. The first just changes the output of "ssh -V" to print that it was built against rsaref if libRSAglue (which is built as part of openssl only when it is built against rsaref) is present at build-time. The second adds appropriate calls to pam_setcred() in sshd. Without them, our systems can't access AFS because the PAM modules only get tokens at a

Having a difficult problem getting my pam_access.so module enforced on a 3.0.22 version of Samba. Here is my /etc/pam.d/samba file: auth required pam_winbind.so debug account required pam_access.so account sufficient pam_winbind.so debug account include system-auth session include system-auth session required pam_winbind.so debug My

https://bugzilla.mindrot.org/show_bug.cgi?id=2399 Bug ID: 2399 Summary: openssh server should fatal out when pam_setcred and pam_open_session fail Product: Portable OpenSSH Version: 6.8p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5

We recently started upgrading OpenSSH on our Sol8 systems and we've run into a problem were we can run commands on a remote system since we installed 3.7.1p1. The debug output from sshd is attached below. We use PAM in our environment, and have since 2.9.9p2. I think most of the systems were running 3.4p1 prior installing 3.7.1p1 and they were working - the only thing we replaced was

Package: xen-utils-common Version: 3.2.0-2 In network bridge, IP addresses of ${netdev} are correctly transferred to ${tdev} which later is renamed to ${bridge} (by default = ${netdev}). But then there is ifup ${bridge} which sets up again the network configuration for ${bdrige}/${netdev} and aliases (e.g. eth0:1 defined in /etc/network/interfaces) are loosed. Regards, Ognyan Kulev

Hello we have Samba Version 4.3.11, we are trying to logon linux desktop clients on domain, we easy can join the client on the domain with net rpc join -S 10.11.37.3 -U xxxxx it is satisfactory. We don't have kinit server. Later we install libpam-winbind, winbind ,libnss-winbind and samba on the client side. Edit nsswitch.conf --> passwd: compat winbind

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Time for a new cifs-utils release! The big bullet point in this release is a new pam_cifscreds module that has been added by Orion Poplawski. This release also cleans some unused cruft out of some of the binaries so they're quite a bit smaller now and fixes a few bugs that Coverity turned up. Go forth and download! webpage:

Ooops, I missed that one, sorry. I'll see if it helps. Thx. Nick Nick (Gunnar) Bluth Linux Systems Administrator Dresdner Kleinwort Wasserstein Dresdner Bank AG Global Business Services <mailto: gunnar.bluth at DrKW.com> IT Operational Integrity Voice: +49 69 263 57913 (97000 - 57913) J?rgen-Ponto-Platz 1 Fax: +49 69 263 16994 (97000 - 16994) D-60301

On 02/07/2020 20:32, jmpatagonia via samba wrote: > Ok, know from desktop logon apparently the user logon right, look user > 'policia\gafranchello' granted access on the trace below, but still tel me > "Invalid password please try again" > > Jul 2 16:15:03 samba-cliente polkitd(authority=local): Unregistered > Authentication Agent for unix-session:c6 (system

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Time for another cifs-utils release! Nothing terribly earth shattering here. Some distros (like Fedora) are moving krb5 credcaches out of /tmp by default. Users of these distros will definitely want to upgrade. Highlights: * Fixes for mounting with '/' in usernames with sec=krb5 * Support for DIR: type krb5 ccaches * support for

On Solaris, the pam_unix module includes a pam_session which updates the lastlog file. Since OpenSSH calls pam_session before reading the lastlog file, SSH logins to systems with this configuration (as well as similar ones, I'd imagine) report the last login time and remote host as the values from the current session. My solution to this problem is to call pam_open_session in the child,

okay, i reversed that patch out and solaris 7 still works fine with pam... devon ----- Original Message ----- From: <mouring at etoh.eviladmin.org> To: <devon at admin2.gisnetworks.com> Sent: Thursday, February 22, 2001 10:43 AM Subject: Re: Solaris and Latest snapshot (2001-02-21) (fwd) > > > ---------- Forwarded message ---------- > Date: Wed, 21 Feb 2001 17:54:19

safely say they can't get it to work period. I personally (this is ME.. not anyone else mind you!) find it silly to for a bunch of people to stand up and yell "Not vulnerable!". It makes it harder to find the few people in the crowd yelling "Hey, idiots.. upgrade! We are affected!" However, in --current we did decide all fatal() calls should skip dealing with zlib stuff

Beyond any more general questions of whether pam sessions *should* be run as root, is there an immediate security concern with moving the pam_open_session (and pam_setcred) stuff to the parent (root) process? (E.g., via the patch below.) -- Mike Stone diff -u -r1.4 auth-pam.c --- auth-pam.c 25 Jun 2002 00:45:33 -0000 1.4 +++ auth-pam.c 25 Jun 2002 20:33:41 -0000 @@ -286,6 +286,8 @@

Package: xcp-xapi Version: 1.3.2-11 xe-reset-networking uses Fedora/CentOS-specific paths like /etc/firstboot.d (perhaps /var/lib/xcp/firstboot.d instead? - this is used in other places) and /etc/sysconfig and possibly others. The script doesn't properly reset networking due to this. Regards, Ognyan Kulev -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.