similar to: PAM support & openssh

SecureComputing's PAM library doesn't pass back the correct context to the pam_conversation function, i.e. it passes back NULL. So this patch works around this fact. likely you'll only want this hack if you expect to use pam_safeword.so in your authentication check, and only if you run sshd in privilege separation (separate process) mode so that the PAM conversation is single

> Interesting quote: > > "Due to complexity, inconsistencies in the specification and differences > between vendors' PAM implementations we recommend that PAM be left disabled > in sshd_config unless there is a need for its use. Sites only using public > key or simple password authentication usually have little need to enable PAM > support." > > Slander?

Further to my original question about PAM on OpenBSD for OpenSSH, it may be non-trivial to get any PAM stuff onto OpenBSD (Thanks to Ben Lindstrom for his suggestion, which I'll try, using a gnu/loonucks PAM package, any suggestions for which one to use, or where to get it from? I'm not very clueful when it comes to GNU/linux). So, I remember in a past life hacking suport for other auth

I have been looking forward to the full PAM integration into OpenSSH for some time. I have been downloading many of the SNAP shots and testing them out on Solaris 5.8 and Solaris 5.9, and have been impressed with the improvements of late. One thing that I have noticed, however, is that when utilizing PAM -> UsePAM=Yes, that the password prompt reads Password: Now, I realize that this is

Hi. Has anyone been able to get Openssh-2.9p2 or p1 or Openssh-2.5.2p2 to work with the Kerberos 5 PAM on Solaris 8 ? More specifically, I am trying to get the system to work with Kerberos 5 only (no pam_unix). My attempts to get things running result in the following messages from ssh (client side): > user at ssh-gateway's password: > client: Requesting pty. > client: Requesting

Hi, I'm trying to make sshd perform a keylogin on a Solaris 7 NIS+ client with PAM. ssh connects and works fine but keyserv reports that it `can't encrypt the session key'. So I think the keylogin failed or did not happen when the user started an ssh session. The following message is logged in syslog. >sshd[489]: pam_setcred: error Permission denied >sshd[506]:

Hi, We have a Solaris 10 system that authanticates users against an LDAP server with password management. On port 22 runs Sun SSH 1.1. On port 2222 runs OpenSSH 4.3p2. OpenSSH uses a configuration from a Linux system where login with password or public key works. Adittionally we have a customized PAM module that grants/revokes access based upon an attribute setting in LDAP. The PAM

I know this is slightly off-topic. I'm looking at a way to use PAM with OpenSSH, on OpenBSD 2.7 (which at the moment as far as I can tell has no PAM support). I wonder how hard it would be to spoof the config of the portable OpenSSH into thinking it was on something that supported PAM, and then having a wrapper of some sort to connect to a PAM module? Some background: I have a requirement

Hello, I am experiencing an error when using the Kerberos V PAM module provided with Solaris 8 with OpenSSH versions 2.9.9p2 and 3.0.2p1. The connection is established, the prompt appears, the motd of the remote system is sometimes displayed, and then the connection closes. This looks to be an error with the PAM module and not OpenSSH, but the problem only affects OpenSSH - all the other

I'm trying to understand the code around PAM support in auth2.c and auth2-chall.c. I'm working with the OpenSSH 3.7.1p2 sources on FreeBSD 4.x. The scenario I'm trying to make work is SSH login to a captive accout for users in a RADIUS database but whose login does not appear in /etc/passwd or getpwnam(). I understand that if the username is not found in getpwnam(), then the

http://cvs-mirror.mozilla.org/webtools/bugzilla/show_bug.cgi?id=381 Summary: unable to access expired accounts using PAM with openssh-3.4P1 Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: sshd

http://bugzilla.mindrot.org/show_bug.cgi?id=117 Summary: OpenSSH second-guesses PAM Product: Portable OpenSSH Version: -current Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: abartlet at

Hello all I've finished developing my own implementation of PAM support for OpenSSH. I've done this, because it was my master of science thesis. Everyone who is intrested in with it, can download one from: http://valdi.gt.pl/OpenSSH/ What is intresting - I've implemented RSA authentication too :-) More info in short README which can be downloaded from above page. Ah - avaible

http://bugzilla.mindrot.org/show_bug.cgi?id=696 Summary: PAM modules getting bypassed when connecting from f- secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Product: Portable OpenSSH Version: 3.7.1p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: minor Priority: P2

Hello, I'm currently running OpenSSH 3.6.1p2 successfully on older Slackware Linux. Glibc in use is 2.2.2 and Linux-PAM 0.77. I have been compiling OpenSSH for couple years until now with options --sysconfdir=/etc/ssh --with-ipv4-default --with-pam \ --without-shadow --disable-suid-ssh Unfortunately, upgrading to =>3.7p1 makes PAM-authentication fail. Authentication simply

Sorry - without the signing this time. Hello. Our products use CentOS 6.5 and we would like to deploy them with custom openssh RPMs. I have downloaded the sources from http://athena.caslab.queensu.ca/pub/OpenBSD/OpenSSH/portable and built the RPMs, but the PAM configuration file is wrong after installation. When I install the default openssh-5.3p1 RPMs from the CentOS 6.5 repository, the

Hello, I am using Redhat 6.1 on pentium. I have a problem with sshd in openssh, when I try to connect by ssh to sshd even on the local machine, the pam module will not authenticate my password. Here is a transcript of sshd -ddd: debug1: sshd version OpenSSH_2.3.0p1 debug1: Seeding random number generator debug1: read DSA private key done debug1: Seeding random number generator debug1: Bind to port

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello. Our products use CentOS 6.5 and we would like to deploy them with custom openssh RPMs. I have downloaded the sources from http://athena.caslab.queensu.ca/pub/OpenBSD/OpenSSH/portable and built the RPMs, but the PAM configuration file is wrong after installation. When I install the default openssh-5.3p1 RPMs from the CentOS 6.5 repository,

FYI. Maybe ppl with access to Solaris can look at this. Niels. From: mark at salfrd.ac.uk (Mark Powell) Newsgroups: comp.security.ssh Subject: Re: openssh on a non-PAM system? Date: 6 Dec 1999 14:10:21 -0000 Message-ID: <82gg4d$15ta$1 at plato.salford.ac.uk> In article <x7zovrqhrv.fsf at bombadil.nic.net>, Dan Lowe <dan at bombadil.nic.net> wrote: >mark at salfrd.ac.uk

With the sshd in recent releases of OpenSSH, some Red Hat Linux systems complain about ulimit trying to raise a limit when logging in via ssh. The problem is that packages/redhat/sshd.pam doesn't do limit checking for an sshd session. The attached patch adds the pam_limits module to the sshd session, which checks for limits set in /etc/security/limits.conf. This works on Red Hat Linux 5.2