similar to: One strange configure option for SIA

Hi, I tried building the version 4.2p1 on the FreeBSD box. Even if I executed the configure script with --with-rpath and --with-libedit=/path/to/libedit the -R options for libedit are NOT added in linking although that for zlib and OpenSSL are correctly done. This problem can be easily avoided by editing openssh-4.2p1/Makefile after executing the configure script. This means that you

Hi, develop members: When I read the document INSTALL in order to install OpenSSH-3.7.1p1, I noticed that MANY obsolete descriptions do remain still now. (1) The configure options '--with-kerberos4' and '--with-afs' were obsoleted because Kerberos IV support and AFS support were removed; however the descriptions remain still now. (2) The configure option

Hi, I've noticed that building 4.1p1 fails on FreeBSD 4.x if the libedit support is enabled by the "--with-libedit" configure option. I tried to build OpenSSH-4.1p1 under the following environment: CPU: i386 family OS: FreeBSD 4.11-RELEASE Compiler: gcc-2.95.4 (/usr/bin/gcc) ---- libedit: (located at /usr/lib/) Building fails with the following messages: ---------- gcc

Hi, develop members: When I checked the output of './configure --help', I noticed that the '--(enable|disable)-lastlog' option was unnecessary any longer. This option can be replaced by the '--with(out)-lastlog'. Thanks. --- Norihiko Murase <skeleten at shillest.net>

Hi All. We are planning on doing one of our regular OpenSSH releases (4.6/4.6p1) some time next week. This is a mostly a bugfix release, but there is one new feature: sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config. The bugs fixed are: #52 ssh hangs on exit. #1252 sftp returns 0 when

http://bugzilla.mindrot.org/show_bug.cgi?id=814 Summary: Turning on OSF SIA causes linker errors in sshd Product: Portable OpenSSH Version: -current Platform: All OS/Version: OSF/1 Status: NEW Severity: critical Priority: P1 Component: Build system AssignedTo: openssh-bugs at mindrot.org

A while back, I sent in a patch that added Digital Unix SIA authentication to OpenSSH. Well, I just figured out that it didn't handle everything correctly (locked accounts could still log in). I thought I had checked that, but I guess I missed it. Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this. -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator

http://bugzilla.mindrot.org/show_bug.cgi?id=1241 Summary: Connections to Tru64 hosts hang when password is expired. Product: Portable OpenSSH Version: 4.4p1 Platform: Alpha OS/Version: OSF/1 Status: NEW Keywords: patch Severity: normal Priority: P2 Component: sshd

Hi, I've seen that openssh will have different function names for des, I think thats great. As kerberos4 nor kerbero5 from KTH in Sweden support those new calls yet, I thought it would be best for me to switch back to the old behaviour, i.e. have kerberized libkrb and other libs with disabled support for openssl (which means libdes is compiled). Then, compile openssh-3.5p1 with kerberos4

http://bugzilla.mindrot.org/show_bug.cgi?id=802 Summary: sshd of openssh-3.8p1 doesn't link on Tru64. Product: Portable OpenSSH Version: 3.8p1 Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org

Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I haven't been able to figure out what changed in the code, but the symptom seems to be that the TTY name being registered with SIA is truncated to eight characters. This apparently prevents it from matching with entries in the tty database, and the dreaded "Cannot obtain database information on this terminal

I'm using OpenSSH_3.5p1 (server protocol 2.0 ) on a Compaq device V5.1A with C2 Security (SIA) configured. I must set UsePrivilegeSeparation to no to get this working. Does anyone have PrivilegeSeparation working on a Compaq device with C2 Security configured? Source device: ssh user at destination ( produces these errors) sshd: /var/tcb/files/__db_lock.share: Permission denied sshd:

Hi All. There have recently (well, today :-) been changes to OpenSSH Portable's auth-passwd.c from OpenBSD to accomodate forced changes of expired passwords. (Rabid password expirers shoulon't get excited yet, it's currently bsdauth only, but support for other platforms should start trickling in shortly). As part of that, some individual platforms have gained their own

http://bugzilla.mindrot.org/show_bug.cgi?id=802 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |821 nThis| | Summary|sshd of openssh-3.8p1 |sshd configured with SIA

I have recently written a (minimal) Tru64 Unix SIA password module for Dovecot as part of testing a Dovecot installation. Has anyone else written a Tru64 Unix SIA module? Is anyone else interested in such a module? If so, how might I/we go about getting this/such a module into the main Dovecot source? Thanks -- Simon L Jackson Carringbush.Net +- Carringbush.Net Hosting * Development *

./configure --with-sia # ./dovecot --build-options Build options: ioloop=poll ipv6 openssl SQL drivers: Passdb: checkpassword passwd passwd-file Userdb: checkpassword passwd prefetch passwd-file static # ./dovecot --version 1.0.8 # ./dovecot -n # 1.0.8: /usr/local/etc/dovecot.conf protocols: pop3 listen: *:10100 ssl_disable: yes disable_plaintext_auth: no login_dir:

I have "PermitRootLogin no" in my sshd_config, but under Tru64 and SIA, the root login attempts still get passed to the SIA system (so I get lots of warnings about failed root logins). On systems with a "max failed attempts" setting, the root account can be locked out this way. I started looking at the code, and I'm not sure I understand what I see. In auth-passwd.c,

I think I'm ready with the SIA (Security Integration Architecture) patches for Tru64 UNIX. All of the code was written by Tom Woodburn, an engineer at Compaq. I've only performed integration and testing of the patches with more help from Tom. Tom's original patches were included in the "other" ssh. We'd both like to see SIA support get into OpenSSH. SIA provides PAM-like

Hello. The following is a patch against OpenSSH 3.0.2p1 to fix OpenSSH's handling of Tru64 SIA authentication. The main changes are to make the SIAENTITY a global variable (so that it remains persistent across function calls), initialization only happens once, the session is only released once. This makes SIA modules that require authentication in order to perform certain actions during the

Hi- Under privsep, I experimented with moving the session_setup_sia() out of do_child() and into do_setusercontext(), which is where the uids/gids are set to the final execution user. The call is made with a NULL tty, and this is functional provided that any later pty allocation uses grantpty() to set the device permissions. Logging in with this method shows that a utmp entry does get made for