Displaying 20 results from an estimated 6000 matches similar to: "[Bug 278] ssh allows auto login even if account is locked"
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>> >Could we please have a clarification on the semantics of
>> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS?
>>
>> My interpretation is:
>>
>> You call PAM_ESTABLISH_CRED to create them
>> You call PAM_REINITIALIZE_CRED to update creds that can expire over time,
>> for example a kerberos ticket.
Oops. I meant
2002 May 22
3
Openssh still logs in while passwd is locked
>Using OpenSSH 3.1p1 on a Sun Solaris 7 box, I disabled an account using the
>'passwd -l ...' command to lock the users password. However, the user can
>still access the system via ssh. Whilst I could do other things such as
>moving their .ssh directory, removing their account home directory, etc,
>etc, is there some 'nicer' way to inform ssh that the account is now
2001 Sep 05
2
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>Neither the Sun PAM documentation nor the Linux-PAM documentation
>describe the semantics of PAM_REINITIALIZE_CREDS in any useful detail.
I would agree it is vague, but then that is also a problem with the XSSO
document (http://www.opengroup.org/onlinepubs/008329799/)
>Could we please have a clarification on the semantics of
>PAM_CRED_ESTABLISH vs. the semantics of
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes
PAM authentication take place in a separate process or thread
(launched from sshpam_init_ctx() in auth-pam.c). By default (if you
don't define USE_POSIX_THREADS) the code "fork"s a separate process.
Or if you define USE_POSIX_THREADS it will create a new thread (a
second one, in addition to the primary thread).
The
2016 Mar 04
7
[Bug 2548] New: Make pam_set_data/pam_get_data work with OpenSSH
https://bugzilla.mindrot.org/show_bug.cgi?id=2548
Bug ID: 2548
Summary: Make pam_set_data/pam_get_data work with OpenSSH
Product: Portable OpenSSH
Version: 7.2p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: major
Priority: P5
Component: PAM support
Assignee:
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All.
This patch calls pam_chauthtok() to change an expired password via PAM
during keyboard-interactive authentication (SSHv2 only). It is tested on
Redhat 8 and Solaris 8.
In theory, it should have simply been a matter of calling pam_chauthtok
with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is
if it's expired, right? From the Solaris pam_chauthtok man page:
2007 May 24
2
[RFC][PATCH] Detect and handle PAM changing user name
I've implemented a patch to openssh which allows the PAM auth layer
to detect if the PAM stack has changed the user name and then adjusts
its internal data structures accordingly. (imagine a PAM stack that
uses individual credentials to authenticate, but assigns the user to
a role account).
First, is the openssh community interested in this patch?
Second, if there is interest in the patch,
2002 Jun 14
0
[Bug 278] New: ssh allows auto login even if account is locked
http://bugzilla.mindrot.org/show_bug.cgi?id=278
Summary: ssh allows auto login even if account is locked
Product: Portable OpenSSH
Version: 3.0.2p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2002 Aug 30
4
Patch so that sshd makes use of PAM_USER
<<pam_user.patch>>
Hello. I created a patch that causes sshd to take notice of the value of PAM_USER after calling into the pam_xxx functions. This makes it possible for a PAM module to effect user mappings by setting the value of PAM_USER with pam_set_item(). If anyone has comments or suggestions, let me know.
Thanks,
Jeremy
-------------- next part --------------
A non-text
2002 Nov 12
1
Locked account and logging in with public key
Hi!
I'm using Openssh v3.5p1 with Solaris 8 compiled with pam support enabled.
It seems that if I use public key authentication I can log in to an
account that is locked (/etc/shadow has *LK* as password).
Login is also allowed even if the user does not have a valid shell.
Is this a bug or am I missing something?
--
Osmo Paananen
2011 Mar 24
2
Problem with pam-auth and winbind
Hi
I try to use windbind rule to authenticate users in dovecot login procedure.
/etc/nsswitch.conf file:
passwd: files winbind
shadow: files winbind
group: files winbind
when I try logon from my console to dovecot (pop3 server):
# telnet komp14 110
Trying 10.10.10.38...
Connected to komp.xxx.xxx (10.10.10.38).
Escape character is '^]'.
+OK Dovecot ready.
user tt1
+OK
pass xxxxxxxxx
-ERR
2003 Nov 13
0
[PATCH] Perform do_pam_chauthtok via SSH2 keyboard-interactive.
Hi All.
Attached is a patch to perform pam_chauthtok via SSH2
keyboard-interactive. It should be simpler, but since Solaris seems to
ignore the CHANGE_EXPIRED_AUTHTOK flag, it calls do_pam_account to check
if it's expired. To minimise the change in behaviour, it also caches the
result so pam_acct_mgmt still only gets called once.
This doesn't seem to work on AIX 5.2, I don't know
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
2005 Feb 15
1
Is it possible to avoid PAM calls for key based Auth methods
Hello All,
Im using OpenSSH-3.9p1 configured for PAM,krb etc.. When I use Key based
auth methods such as Public key,gssapi etc, this skips the
pam_authenticate() call and directly calls pam_acct_mgmt(). This results in
a failed attempt with few of my own PAM modules. Is there any way to
implement this facility to be controlled by a directive in sshd_config. I
mean PAM calls should not be
2003 Dec 07
0
[PATCH] Do PAM chauthtok via keyboard-interactive.
Hi All.
Attached is another patch that attempts to do pam_chauthtok() via SSH2
keyboard-interactive authentication. It now passes the results from the
authentication thread back to the monitor (based on a suggestion from
djm).
Because of this, it doesn't call do_pam_account twice and consequently
now works on AIX 5.2, which the previous version didn't. I haven't tested
it on any
2005 Feb 02
0
Dovecot doesn't call pam_open_session, thus dodging pam_mkhomedir (fwd)
On Tue, 1 Feb 2005, it was written:
> Nicolas Lopez wrote:
> > maildir and most of my accounts in LDAP. Since the accounts are created
> > through a web interface on another server home directories on the mail
> > server don't get created automatically. There's the handy pam module
> > pam_mkhomedir.so to automagically create home directories, but
>
2003 Feb 26
0
PAM merge from FreeBSD
A few things to keep in mind:
- kbd-int should call pam_authenticate(), acct_mgmt(), chauthtok(), if
required, setcred(PAM_ESTABLISH_CRED) and open_session() ALL during
kbd-int so that modules in each of those PAM stacks can prompt the
user (pam_open_session(), for example, may prompt a user with an
informational message akin to the last login message)
- all userauth methods should
2020 Sep 08
23
[Bug 3210] New: Confusing errors when pam_acct_mgmt() fails
https://bugzilla.mindrot.org/show_bug.cgi?id=3210
Bug ID: 3210
Summary: Confusing errors when pam_acct_mgmt() fails
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee:
2003 May 12
10
[Bug 559] PAM fixes
http://bugzilla.mindrot.org/show_bug.cgi?id=559
Summary: PAM fixes
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: fcusack at fcusack.com
- start PAM
2004 Mar 24
1
Trying to compile Samba 3.0.2a
Hi,
I'm using SuSE 8.2 and I got the source for samba 3.0.2a and I tried to
install it. ./configure (w/o any arguments) went ok so I type make and it
gives me the following errors:
Linking bin/smbd
auth/pampass.o(.text+0x59): In function `smb_pam_error_handler':
: undefined reference to `pam_strerror'
auth/pampass.o(.text+0xcb6): In function `smb_pam_end':
: undefined reference