similar to: sshd and pam , conversation

The following patch (relative to -current) makes PAM a proper kbd-interactive citizen. There are a few limitations (grep for todo), but the code seems to work OK for protocols 1 & 2 with and without privsep. Please have a play! auth2-pam.c is based on code from FreeBSD. Index: auth2-chall.c =================================================================== RCS file:

Hello, appended is a patch that makes it possible to use PAM both for password authentication and TIS (i.e. s/key or opie or any other interactive challenge/response scheme). I have developed this starting from the patch at http://www.debian.org/Bugs/db/61/61906.html on Debian with openssh-2.1.1p4-3. After configuring ssh with --with-pam-tis, there are two PAM services, "sshd" and

Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes PAM kbd-int work with privilege separation. Contrary to what I have previously stated - it *does* handle multiple prompts. What it does not handle is multiple passes through the PAM conversation function, which would be required for expired password changing. I would really appreciate some additional eyes over the

The following is a patch (based on FreeBSD code) which gets kbd-int working with privsep. It moves the kbd-int PAM conversation to a child process and communicates with it over a socket. The patch has a limitation: it does not handle multiple prompts - I have no idea how common these are in real-life. Furthermore it is not well tested at all (despite my many requests on openssh-unix-dev@). -d

Hi, I have tested the current snapshot portable release (dated Jan 9 2004). configuration has: UsePAM yes PasswordAuthentication no ChallengeResponseAuthentication yes UsePrivilegeSeparation yes two problems: first pam_motd does not work anymore. second, I needed a quick way to disable normal user logins without disabling admin accounts (members of group wheel). the best option i could come

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

Hi, My company decided to implement security restrictions lately and I was to write more strict authorization modules for pam. One of it works asking for some kind of additional security string (for example pin from some kind of token). It is done by pam module, which asks calling application to do conversation for him: prompt_msg.msg_style = PAM_PROMPT_ECHO_OFF;

In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function, do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2, this is no longer the case: session modules run with a conversation function that just returns PAM_CONV_ERR. This means that simple session modules whose job involves printing text on the user's terminal no longer work: pam_lastlog, pam_mail, and

Hi I'm attempting to compile samba 222 on Solaris 2.8 using Sun Forte 6 C compiler but I'm getting error messages. I used the following sequence of commands: setenv CC cc ./configure --prefix=/usr/local/samba.22 --with-acl-support --with-pam --with-pam_smbpass --with-syslog make See messages below: ================================================================ ..........

hey everybody, just wanted to know if there's anything i need to do different to install and confiqure version 2.3.1 as oposed to version 2.2 or not ?? and what exactly is there in 2.3.1 anyways ?? is it any better then version 2.2 ?? and is there any way i can edit the server to make my scanner go live (like right the the second) PS: in the mean time i will

Hello, I am using 1.4.8 and have a question about Queues. I noticed that if I have an agent logged in using AgentCallBackLogin and that agent is unreachable for some reason (SIP phone unplugged) calls to him/her will completely yack. For example: 1-Agent 500 is the only one logged into queue number 1. 2-A call comes into queue number 1 3-The call is pushed to agent 500 at extension 21 which is

Commit 78139c94dc8c ("net: vhost: lock the vqs one by one") moved the vq lock to improve scalability, but introduced a possible deadlock in vhost-iotlb. vhost_iotlb_notify_vq() now takes vq->mutex while holding the device's IOTLB spinlock. And on the vhost_iotlb_miss() path, the spinlock is taken while holding vq->mutex. As long as we hold dev->mutex to prevent an ioctl

Commit 78139c94dc8c ("net: vhost: lock the vqs one by one") moved the vq lock to improve scalability, but introduced a possible deadlock in vhost-iotlb. vhost_iotlb_notify_vq() now takes vq->mutex while holding the device's IOTLB spinlock. And on the vhost_iotlb_miss() path, the spinlock is taken while holding vq->mutex. As long as we hold dev->mutex to prevent an ioctl

Hi, I'm doing the final tests before I migrate my 10000 users from RHEL 4 + dovecot 1.1.20 to RHEL5 + dovecot 1.2.11, and I'm having some serious problems with outlook 2007 clients disconnecting very often. In dovecot's log I see lot of connects and disconnects from these clients (as oposed to my kmail, that just connects once when I come in and disconnects when I shut it off).

RS/6000 machine AIX V.4.2 OS SAMBA 1.9.18p4 AIX/NT4.0 -win95 WSs Problem: We cannot seem to browse our NT 4.0 server, or any of our shared WS's, resources, etc... remotely. Locally, everything works great. I have run through all 10 tests, with positive results. Below is a copy of our SMB.CONF file: *************************************************

Hi, I'm trying to use pam_listfile.so to deny logins from all others but few users (names in /etc/loginusers). With password authentication it works fine, but with public key authentication OpenSSH lets in users whose names arent't in /etc/loginusers. AllowUsers in sshd_config does what one would expect. I'm using OpenSSH-3.0.2p1 on Debian testing (package version 1:3.0.2p1-6)

Hai Rowland, Thanks for the reply. Ok so we suspect and buggie pam module The pam.d/ssh is the default @include common-auth account required pam_nologin.so @include common-account session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close session required pam_loginuid.so session optional pam_keyinit.so force revoke @include

On Tue, Mar 7, 2023 at 11:57?AM Feng Liu <feliu at nvidia.com> wrote: > > is_power_of_2() already performs the zero check. Hence avoid duplicate > check. While at it, move the query of size check also adjacent to where > its used for the disabled vq. > > Signed-off-by: Feng Liu <feliu at nvidia.com> > Reviewed-by: Jiri Pirko <jiri at nvidia.com> >

This isn't related to the snapshot, but mention of it reminded me to submit these changes. I added a few things, and made a couple small changes; here's a list of what the patch includes: - adds a "-1" argument to ssh and ssh.1 to force protocol1, similar to the existing "-2" argument. - adds "-1" and "-2" to scp and scp.1 as well. - adds

http://bugzilla.mindrot.org/show_bug.cgi?id=890 Summary: Allow users to see output from failing PAM session modules. Product: Portable OpenSSH Version: -current Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: