similar to: [Bug 568] Kerberos password auth/expiry kbdint patch

I took Markus Friedl's advice and set up a KbdintDevice for Kerberos password authentication/expiry. It took me a bit to wrap my head around privsep, but I think it's working properly (code stolen shamelessly from FBSD's PAM implementation :->). The hardest part was working out how to get the interaction between krb5_get_init_creds_password() (along with the prompter) to work

http://bugzilla.mindrot.org/show_bug.cgi?id=568 ------- Additional Comments From michael.houle at atcoitek.com 2004-04-06 06:04 ------- Can someone please enlighten me on whether this kind of code is going to be included in the main development ? I thought this would be handled automatically by the krb5 libraries, so I was suprised to find that password changing doesn't work in the SSH

Attached is a patch that allows for an interactive Kerberos password change via keyboard-interactive, and also reports any banners received from krb5_g_i_c_p() (e.g., password expiration notification if you have krb5-1.2.x patched appropriately). This could probably be refactored a bit and probably done better, but I'm sending this in in case anyone finds it useful. The major drawback is

http://bugzilla.mindrot.org/show_bug.cgi?id=701 Summary: With 'PermitRootPassword without-password' set, root w/pass can still log in with a using 'keyboard-int/pam' Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority:

I have tried this patch (against 3.5p1) and would very much like it to be in the OpenSSH 3.6p1 release, if possible: http://bugzilla.mindrot.org/show_bug.cgi?id=14 On that note, I'd like the Sun BSM patch to be included also, if possible. I have it working applied to 3.5p1: http://bugzilla.mindrot.org/show_bug.cgi?id=125 In fact, both patches work together, apparently. If I have any

The attached patch restricts any keyboard-int method from allowing root password authentication. Other methods (bsdauth? I don't even really know what that is) could be added as well. FWIW, it appears that when using the "password" method the code in auth.c is never reached due to the following code in auth-passwd.c: #ifndef HAVE_CYGWIN if (pw &&

of the remotely connected socket is in in monitor_read(). The easiest way to pass them in would be to add fields to the Authctxt structure, which gets passed down into auth_krb5_password(), although possibly not the best. Perhaps using a prompter isn't the best way to go, either, I'm not sure. Ultimately, I'm simply looking for any pointers as to the best way to proceed, even if

I have everything in place to move to a Samba/Heimdal/OpenLDAP auth database and have just discovered that some of the Windows products we use are required to run on a domain controller. Since domain sync doesn't work between Samba and NT4 it looks like I'm stuck: either ditch all the software we run on domain controllers, stay with our current 2-auth-db system, or move at least our

This bug causes a segfault when compiled against heimdal, but not MIT krb5. Either way, I think this code is correct. HTH. ---------------------------------------------------------------------- | Jim Hranicky, Senior SysAdmin UF/CISE Department | | E314D CSE Building Phone (352) 392-1499 | | jfh at cise.ufl.edu

http://bugzilla.mindrot.org/show_bug.cgi?id=580 Summary: disable kbdint if host key mismatch Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: fcusack at

https://bugzilla.mindrot.org/show_bug.cgi?id=1438 Summary: Adds an out-of-band challenge (OBC) authentication method (via kbdint) Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: normal

Dear R-Help list: I'm using the Matrix library to operate on 600 X ~5000 element unsymmetrical sparse arrays. So far, so good, but if I find I need more speed or functionality, how hard would it be to utilize other sparse matrix toolsets from within R, say MUMPS, PARDISO or UMFPACK, that do not have explicit R interfaces? More information on these is available here

What I'm trying to do: upload files from my local machine to an rsync server running on a remote host. What I don't know: syntax on how to do this. I initially set the conf file so that I could download from the remote machine to my local machine, the syntax: rsync -azv --delete rsync://user@remote.machine.com:12923:blah destdir This worked fine. So then, I wanted to go the other

https://bugzilla.mindrot.org/show_bug.cgi?id=1439 Summary: Adds Virtual Token (VToken) authentication method to kbdint Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2

https://bugzilla.mindrot.org/show_bug.cgi?id=1439 Summary: Adds Virtual Token (VToken) authentication method to kbdint Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2

http://bugzilla.mindrot.org/show_bug.cgi?id=1087 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Group|Portable OpenSSH | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hello, I was chasing some unexpected behaviour from OpenSSH, and have come across an oddity in the source code which may or may not be a bug. In auth2-kbdint.c, the Authmethod struct declares options.kbd_interactive_authentication as the enabled flag for this method. However in the implementation function a few lines above, it checks options.challenge_response_authentication to decide whether to

http://bugzilla.mindrot.org/show_bug.cgi?id=701 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |iand at ekit-inc.com ------- Additional Comments From dtucker at zip.com.au 2004-03-30 12:00 ------- *** Bug 713 has been marked as a

> + * The basic principle of a queue-based spinlock can best be understood > + * by studying a classic queue-based spinlock implementation called the > + * MCS lock. The paper below provides a good description for this kind > + * of lock. > + * > + * http://www.cise.ufl.edu/tr/DOC/REP-1992-71.pdf > + * > + * This queue spinlock implementation is based on the MCS lock,

> + * The basic principle of a queue-based spinlock can best be understood > + * by studying a classic queue-based spinlock implementation called the > + * MCS lock. The paper below provides a good description for this kind > + * of lock. > + * > + * http://www.cise.ufl.edu/tr/DOC/REP-1992-71.pdf > + * > + * This queue spinlock implementation is based on the MCS lock,