similar to: [Fwd: Kerberos buglet in OpenSSH-3.3p1]

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

resending to the whole mailing list .. ----- Forwarded message from kouril ----- Date: Wed, 26 Jun 2002 11:50:14 +0200 To: Damien Miller <djm at mindrot.org> Subject: Re: [Fwd: Kerberos buglet in OpenSSH-3.3p1] User-Agent: Mutt/1.2.5i In-Reply-To: <1025084114.12959.0.camel at mothra.mindrot.org>; from djm at mindrot.org on Wed, Jun 26, 2002 at 07:35:14PM +1000 On Wed, Jun 26, 2002 at

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

Hi, SSH brute force attacks seem to enjoy increasing popularity. Call me an optimist or a misrouted kind of contributer to the community, but on our company server I actually go through the logs and report extreme cases to the providers of the originating IP's. With the increasing number of these attacks, however, I have now decided that it's better to move the SSHd to a different

http://bugzilla.mindrot.org/show_bug.cgi?id=315 Summary: add miissing includes and defines for FREEBSD Product: Portable OpenSSH Version: -current Platform: Other OS/Version: FreeBSD Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

Hi. It would be of utmost utility if there were a way to cause the sshd "banner" configuration setting to only print the banner in certain circumstances. What I'm actually after is avoiding printing out the banner for non-interactive sessions, so that if I run "ssh somehost ls" I don't get the login banner, but if I just type "ssh somehost" I do (at

A STABLE (not updated since 12/13/02) system shows very strange behavior for devices with a minor mode greater than 256. tcpdump does not work reliably and ls is, uh, "strange", using hex for the minor mode. crw------- 1 root wheel 23, 252 Apr 11 14:29 bpf252 crw------- 1 root wheel 23, 253 Apr 11 14:29 bpf253 crw------- 1 root wheel 23, 254 Apr 11 14:29 bpf254

I have a epox nforce2 motherboard and it has a phy nic built in but I can't use it. when will working driver be available??

I am having problem with getting the src from the cvs server for a specific date I read the the man page and it said the date format is : "date=[cc]yy.mm.dd.hh.mm.ss This specifies a date that should be used to select the revi- sions that are checked out from the CVS repository. The client will receive the revisions that were in effect at the specified date and time. At present, the date

HELO, My old CRT is a bit broken so I decided to buy new screen. I d like to get an LCD monitor. I also use FreeBSD , X ver.4.2 server and GNOME 2.2. And now my question: Do I have to setup my X for that monitor, or maybe just change name, vendor, refresh modes in my XF86Config ? I am not going to use DVI.... thanks for help MArek

Hi all. I just upgraded my server from 4.7-Stable to 5.0-Release by a full install. Now I hit a problem with the date.. the time goes much faster than normal.. maybe twice as normal... this morning I found the following kernel log in /var/log/messages May 26 17:23:58 jupiter kernel: Timecounter "i8254" frequency 1193182 Hz May 26 17:23:58 jupiter kernel: Timecounter "TSC"

Hi all! I need your help. My server doesn't respond any more. Everything crashed. How can I find out if this is a bug or it is simply overloaded? I don't have much running, just KDE with about 10 programs on each of the 16 desktops, and a few background processes. This seems much, but I often have much more stuff running, and it is not even slow. It does respond when I ping it, but

----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's

Hello all, I'm not able to get Kerberos5 authenticarion work together with PrivSep. According to strace, it seems that the kerberos authentication stage is performed by the user process in chrooted enviroment. The problem is that Kerberos authentication must be done by root. Is anybody working on a fix? (or am I missing something in configuration?) Thanks for any advice. -- Dan

Hello all, The long-mooted PAM merge from FreeBSD is starting _now_. This replaces the PAM password auth kludge that we have used until now with a discrete challenge-response module. This module is invoked via keyboard-interactive for protocol 2 or TIS auth for protocol 1. Warning: this is a large change and will probably break things. It has only been tested with basic password auth modules and

[bcc: to re@] Considering the amount of changes between 4.x and 5.x, and the performance issues of the latter, I think I can safely predict that RELENG_4 will be around for a long time after the RELENG_5 branch. While I understand that some will resist making RELENG_4 any more useful than it currently is (to encourage users to move to 5.x), I think there is one issue that should be addressed: the

We have been having a problem with sshd on our shell server. This has been happening since March 4, 2003 or before IIRC. Initially I thought the next OS upgrade, to 4.8 would fix this. I am accustomed to haveing little things go away in a month or two. I think we jumped to 4.7-STABLE on Feb 28, 2003. Some exploit fix wasn't being MFSd to RELENG_4_7 fast enough for my nerves (cvsd?). It

Dear users, I can access an database oracle database using sql developer. This was done by importing an xml file that contains the login details - username, password and specifies that it uses the KERBEROS_AUTHENTICATION. I'm trying to connect R - so that it can access this database - do sql queries and convert the resulting tables into dataframes. I am a novice in SQL and database access

Hi, I wonder if there will be a 3rd and 4th disk (additional Packages) to 4.8-Release ... or won't there like in 5.0-Release. Thanks! Zheyu -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ Bitte l?cheln! Fotogalerie online mit GMX ohne eigene Homepage!