similar to: [Bug 432] New: AIX does not log login attempts for unknown users

http://bugzilla.mindrot.org/show_bug.cgi?id=432 ------- Additional Comments From dtucker at zip.com.au 2002-11-08 11:50 ------- Created an attachment (id=176) --> (http://bugzilla.mindrot.org/attachment.cgi?id=176&action=view) Call loginfailed() on AIX for unknown usernames ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

Hi All. As noted in a previous post, the logging of failed user logins is somewhat spread out. This patch creates a record_failed_login() function in sshlogin.c and moves the AIX and UNICOS code to it, eliminating 3 #ifdefs from the main code. It also provides an obvious place to add the code for any other platforms that support this. I've tested this on AIX 4.3.3. Wendy Palm was kind

Hi All. This is a re-send of a patch I submitted before 3.6p1. As noted in a previous post, the logging of failed user logins is somewhat spread out. This patch creates a record_failed_login() function in sshlogin.c and moves the AIX and UNICOS code to it, eliminating 3 #ifdefs from the main code. It also provides an obvious place to add the code for any other platforms that support

I am having difficulties compiling openssh3.6p2 under AIX 5.2. I grabbed the latest from the contrib section from openssh.com, applied passexpire19.patch successfully and configure --prefix=/opt/freeware/ --with xauth=/usr/bin/X11/xauth. i get the following @ the end of the make: In file included from auth.c:41: /usr/include/usersec.h:656: warning: `struct aud_rec' declared inside parameter

Hi All. First the questions: Is there anything objectionable in this patch? Is AUDIT_FAIL_AUTH appropriate for the "Reason" field? Now the details: attached is a patch that changes some of the #includes for AIX. It moves the AIX-specific includes to port-aix.h and adds includes that contain the prototypes for many of the authentication functions. The idea isto fix some warnings.

Hi David, I'm sure loginfailed(..) should be called immediately after authenticate(..) returned an error. It is directly related to an invalid password try. (Please see my attached mail from May 2001 to the list). I'm not so sure when loginsuccess(..) should be called (setting the loginfailed counter to zero): Either 1) when somebody logs in successfully using all kinds of valid

There are a couple of bugs in the openssh-3.7.1p2. The aix_setauthdb function does not work with other types of authentication such as AFS/DFS. The loginfailed test in configure is not correct. Also, AIX can use the wtmp logging which I added in configure. Attached is the patch. Thanks, Matt Richards -------------- next part -------------- *** openssh-3.7.1p2/openbsd-compat/port-aix.c Mon Jul 14

--- auth1.c.orig Sat Feb 3 18:17:53 2001 Bringa AIX modes in line with latest changes to auth1.c +++ auth1.c Sat Feb 3 18:19:15 2001 @@ -347,7 +347,7 @@ if (authctxt->failures++ > AUTH_FAIL_MAX) { #ifdef WITH_AIXAUTHENTICATE - loginfailed(user,get_canonical_hostname(),"ssh"); +

Here are some patches to re-enable support for AIX's authenticate routines. With them, ssh will honor locked & unlocked accounts, record successful and unsuccessful logins, and deny accounts that are prohibited to log in via the network. Tested with AIX 4.3. It also includes a fix for handling SIGCHLD that may be needed for other platforms (HP-UX 10.20, for example). If I get the time

Has anyone had luck getting Winbind from Samba 3.0.11 to compile and authenticate users telnetting (or ssh'ing) into an AIX lpar? If so, what'd you do? :) I've compiled kerberos and openldap, both installed. Able to run the configure script for Samba, pointing LDFLAGS and related to the correct location for the openldap libraries. I've been unable to get Samba compiled

sorry, Darren. Long over due comments. [..] >+/* Record a failed login attempt. */ >+void >+record_failed_login(const char *user, const char *host, const char *ttyname) >+{ >+#ifdef WITH_AIXAUTHENTICATE >+ loginfailed(user, host, ttyname); >+#endif >+#ifdef _UNICOS >+ cray_login_failure((char *)user, IA_UDBERR); >+#endif /* _UNICOS */ >+} I like the

Hi. I'm trying to use AD authentication under AIX 5.3. I've compiled samba 3.0.22 with options: ./configure --prefix=/usr/local/samba --with-winbind --with-ads --with-krb5=/usr/heimdal --with-ldap --with-acl-support --with-aio-support=yes Then I copied the WINBIND file in /usr/lib/security/ directory, I edited methods.cfg file adding the stanza: WINBIND: program =

http://bugzilla.mindrot.org/show_bug.cgi?id=908 Summary: AIX OpenSSH allows too many failing login attempts Product: Portable OpenSSH Version: -current Platform: All OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

The patch below follows changes in AIX utmp handling made between AIX 4.3.3 and 5.1. With it, utmp entries are properly recorded again. The patch applies to OpenSSH 3.1p1, and seems to work fine. The co-worker who sent me the patch hasn't tested backwards compatibility on AIX 4.3.3 systems. Richard ------- *** openssh-2.9.9p2/auth-passwd.c.org Tue Jul 3 23:21:15 2001 ---

http://bugzilla.mindrot.org/show_bug.cgi?id=145 ------- Additional Comments From dtucker at zip.com.au 2002-06-21 23:43 ------- Created an attachment (id=116) Merge all previous patches and diff against -cvs ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=355 ------- Additional Comments From dtucker at zip.com.au 2002-08-25 18:10 ------- It looks like the call to loginsuccess() fails because it's done as a non-privileged user. This is bad because in addition to generating the message it also clears the failed login counter that leads to account lockout. The following patch fixes it for me

https://bugzilla.mindrot.org/show_bug.cgi?id=1710 Summary: aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail Product: Portable OpenSSH Version: 5.3p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd

Hi All, I've been poking around various parts of the auth code for a while. Some platforms support failed login counters and it occurs to me that there's as few too many instances of: #ifdef [PLATFORM] if (authenticated == 0 && strcmp(method, "password") == 0) some_login_failure_func(); #endif The attached patch creates a record_failed_login() function in

Hi. There's a couple of minor problems with the way port-aix.c handles the messages returned by AIX's authentication routines. I think we handle the native ones OK, but third-party modules might behave differently. It tests OK for me, I would appreciate testing by anyone using AIX (esp. anyone using something other than the standard password auth modules). a) The message from a

Hi, Openssh doesn't log failed logins to /var/log/btmp like login does (if btmp exists). This is on RH6.2. Is there a specific reason for not logging to btmp ? I think that logging to btmp would be a 'good thing'(tm). What about other unices ? Do they have /var/log/btmp or something similar (AIX has something like that and I think openssh already logs the failed attempts). AFAIK