similar to: Not only pam chauthtok problems in privsep mode

Hi, the following patch patches the files in contrib/cygwin. The changes are necessary to allow a better support of privilege separation. On NT machines the script asks now if it should create a user called "sshd" and all that. Additionally it creates the /etc/ssh_config and /etc/sshd_config files follows the latest versions. Would you mind to apply this to the official OpenSSH

http://bugzilla.mindrot.org/show_bug.cgi?id=463 Summary: PrintLastLog doesn't work in privsep mode Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

https://bugzilla.mindrot.org/show_bug.cgi?id=2278 Bug ID: 2278 Summary: 'configure --disable-lastlog' should mark PrintLastLog as unsupported in servconf.c Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Solaris Status: NEW Severity: minor Priority: P5

Hi All. Today a patch was commited to OpenSSH that performs PAM password changes via SSH2 keyboard-interactive authentication. I should work fine with privsep, which some of the other solutions have problems with. While the patch itself is relatively small, it's bigger than it should have been due to differences in PAM implementations. I encourage anyone with a interest in this to try

http://bugzilla.mindrot.org/show_bug.cgi?id=463 m4gw4s at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED Resolution|FIXED | ------- Comment #17 from m4gw4s at gmail.com 2006-10-27 23:31 -------

https://bugzilla.mindrot.org/show_bug.cgi?id=2263 Bug ID: 2263 Summary: sshd privsep monitor process doesn't handle SIGXFSZ signal Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd

http://bugzilla.mindrot.org/show_bug.cgi?id=463 ------- Additional Comments From dtucker at zip.com.au 2003-05-10 12:59 ------- I've had a look at the OpenBSD source and I don't think OpenBSD *needs* a "Buffer loginmsg" right now. PrintLastLog can be easily fixed by updating s->last_login_time before the privsep split. So, is there another reason OpenBSD needs (or

http://bugzilla.mindrot.org/show_bug.cgi?id=463 ------- Additional Comments From dtucker at zip.com.au 2003-01-07 23:43 ------- Generate the message earlier in the login process and store for display after session startup? Rather than another variable for this (eg aixloginmsg, maybe __pam_msg), what about using a single Buffer for storing all of the messages to be displayed after login?

Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and

http://bugzilla.mindrot.org/show_bug.cgi?id=289 Summary: mmap error when trying to use 3.3p1 with privsep Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

Hi All. Attached is another patch that attempts to do pam_chauthtok() via SSH2 keyboard-interactive authentication. It now passes the results from the authentication thread back to the monitor (based on a suggestion from djm). Because of this, it doesn't call do_pam_account twice and consequently now works on AIX 5.2, which the previous version didn't. I haven't tested it on any

Some time ago, Ben wrote about a PrintLastLog patch: > If the person who originally submitted it wants to write a complete > patch and submit it. Then we would be happy to debate if it will be > included. Well, here it is, because: "You Asked For It!" PS: I'm tired of maintaining my own version of Debian's ssh just to have this option available, so I hope you find

Vesion 3.8.1 of OpenSSH has been compiled on a Solaris 8 host. I am having difficulties in enabling password aging to work from reading /etc/default/passwd and /etc/shadow. # passwd -f < user-id > works satisfactorily however once a password ages through due course from the settings in /etc/default/passwd and /etc/shadow the users are not prompted to change passwords and the user is logged

Hi, the below patch to contrib/cygwin is a major rework to allow various changes in the installation process on Cygwin machines. The important changes are: - New Makefile, providing a `cygwin-postinstall' target which allows to create a base installation as in the Cygwin distribution, which should be run right after a `make install'. - Additional information given in the README

http://bugzilla.mindrot.org/show_bug.cgi?id=14 Bug 14 depends on bug 463, which changed state. Bug 463 Summary: PrintLastLog doesn't work in privsep mode http://bugzilla.mindrot.org/show_bug.cgi?id=463 What |Old Value |New Value ---------------------------------------------------------------------------- Status|ASSIGNED

http://bugzilla.mindrot.org/show_bug.cgi?id=463 ------- Additional Comments From dtucker at zip.com.au 2003-02-22 16:01 ------- Created an attachment (id=235) --> (http://bugzilla.mindrot.org/attachment.cgi?id=235&action=view) Generate login message as part of login recording. This patch moves the generation of the generic last login message to sshlogin.c, the AIX loginsuccess call

http://bugzilla.mindrot.org/show_bug.cgi?id=1053 Summary: The nonquery messages from PAM account aren't forwarded to user (privsep) Product: Portable OpenSSH Version: 4.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support

In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function, do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2, this is no longer the case: session modules run with a conversation function that just returns PAM_CONV_ERR. This means that simple session modules whose job involves printing text on the user's terminal no longer work: pam_lastlog, pam_mail, and

http://bugzilla.mindrot.org/show_bug.cgi?id=463 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Additional Comments From djm at mindrot.org 2003-06-28 17:48