similar to: pam + privileges

I'm using Dovecot 1.1.7 on CentOS 5.2. I've changed my passdb from passwd to pam, it works fine, but I've found this messages on /var/log/secure: dovecot-auth: PAM adding faulty module: /lib64/security/pam_limits.so dovecot-auth: PAM unable to dlopen(/lib64/security/pam_limits.so) dovecot-auth: PAM [error: /lib64/security/pam_limits.so: failed to map segment from shared object:

heres a fix for pam support im openssh, inline and attached.. openssh calls do_pam_session early, before a fork(). it does this on the proc still running as root, so it checks the users limits, against what root has running, and depending on limits can fail at the fork() (and almost always does). this patch moves it past the fork. ive been running it for a couple of weeks and everything seems

Hello all, The long-mooted PAM merge from FreeBSD is starting _now_. This replaces the PAM password auth kludge that we have used until now with a discrete challenge-response module. This module is invoked via keyboard-interactive for protocol 2 or TIS auth for protocol 1. Warning: this is a large change and will probably break things. It has only been tested with basic password auth modules and

With OpenSSH 2.9.9p2 as the server, I'm not able to do scp or "ssh machinename command" in general to any of my Suns! I tracked this down a bit; the problem occurs only when PAM support is enabled. However, if I remove line 430 of session.c, "do_pam_session(s->pw->pw_name, NULL);" inside of do_exec_no_pty, the problem goes away. It looks like the following entry

Every freekin' time I post something to this list I get bombarded with "out of office" auto-replys. Is there no way to stop this? (other than not posting to the list..) -Matthew

Hello all, On Redhat 6.2, the PAM_unix module logs the session opening, but not the session closing. This was logged as of 2.3.0p1. Upgrading to 2.5.1p1 makrs the start of the problem. Thanks in advance, Victor -- Victor J. Orlikowski ====================== v.j.orlikowski at gte.net orlikowski at apache.org vjo at us.ibm.com

Beyond any more general questions of whether pam sessions *should* be run as root, is there an immediate security concern with moving the pam_open_session (and pam_setcred) stuff to the parent (root) process? (E.g., via the patch below.) -- Mike Stone diff -u -r1.4 auth-pam.c --- auth-pam.c 25 Jun 2002 00:45:33 -0000 1.4 +++ auth-pam.c 25 Jun 2002 20:33:41 -0000 @@ -286,6 +286,8 @@

Ever since I signed up for this mailing list and sent my first question, I have been bombarded with the W32/Swen@MM and the emails aren't all from the same person. Is anyone else experiencing this? Rob

http://bugzilla.mindrot.org/show_bug.cgi?id=83 ------- Additional Comments From djm at mindrot.org 2003-03-10 15:49 ------- Created an attachment (id=247) --> (http://bugzilla.mindrot.org/attachment.cgi?id=247&action=view) Call pam_session after child fork() Hopefully this patch will allow people to gather the feedback necessary to close this bug. ------- You are receiving this

I am using PAM and pam_smbpass.so with Samba 2.999 (Debian sid package). If, in /etc/pam.d/samba, I set session required pam_smbpass.so then login fails, and the log says: [2002/08/04 15:43:26, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : Module is unknown [2002/08/04 15:43:26, 1] smbd/session.c:session_claim(103) pam_session

Hi, I used to have a set of samba shares working fine on a Centos 4 machine, accessed by XP clients and authenticated against a 2003 SBS server. Then I did a yum upgrade and a week later noticed that the seldom-used SMB shares have stopped working. No other changes to the Centos server, and no domain changes. The XP clients now just keep prompting for authentication. A wireshark trap shows

On 12/29/2014 02:39 PM, Hoggins! wrote: > Hello Thomas, > > Le 29/12/2014 15:25, "Thomas B. R?cker" a ?crit : >> The directory is a free service and it's my >> time that goes into maintaining it and I'm not willing to pour more time >> into finding some hoster who thinks playing hide and seek is cool. > This is slightly off-topic, but do you plan on

Forwarding a message from Rogier Wolff: > > Nick Andrew wrote: > > Theo De Raadt pointed out (possibly not in this thread) that basing > > protection on euid is not workable. Although I like the concept of > > variable expansion in pathnames, I don''t see it as a security mechanism. > > Why not? Because programs that _were_ privileged but have set euid ==

http://bugzilla.mindrot.org/show_bug.cgi?id=83 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |misiek at pld.org.pl Summary|PAM limits applied |PAM limits applied |incorrectly

It's sometimes desired to be able to alter login policy depending upon how the person was connecting for the ssh server. For example you might want different rules on the internal and external interface of a gateway. In another setup you might want an sshd with a different login policy running on a different port - and setup different firewalling rules (for example). I have implemented such

http://bugzilla.mindrot.org/show_bug.cgi?id=83 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rudolph at getsystems.com ------- Additional Comments From djm at mindrot.org 2003-01-07 18:31 ------- *** Bug 354 has been marked as a

http://bugzilla.mindrot.org/show_bug.cgi?id=83 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Component|sshd |PAM support ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=83 ------- Additional Comments From dtucker at zip.com.au 2003-09-15 12:13 ------- Hey, isn't this fixed in -current? do_pam_session is now called before permanently_set_uid. Could you please try a snapshot? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hello, first - thanks for the help in getting dovecot 2.2 compiled and installed on Debian. I have Dovecot 2.2 running now on two servers, and to test replication, I am polling mail on one server whilst the other creates mail regularly from crontab output. I have replication set up, but nothing at all is appearing on the other server, and I do not have any dsync / doveadm messages in

http://bugzilla.mindrot.org/show_bug.cgi?id=83 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Version|3.0.2p1 |-current ------- Additional Comments From djm at mindrot.org 2002-01-31 21:46 ------- I'm putting some replies from the