similar to: [PATCH] sshd unable to restart

Can anyone with Heimdal KrbV verify this? -------------- next part -------------- An embedded message was scrubbed... From: Dag-Erling Smorgrav <des at ofug.org> Subject: Kerberos buglet in OpenSSH-3.3p1 Date: 25 Jun 2002 14:52:10 +0200 Size: 1291 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020626/347e123e/attachment.mht

[bcc: to re@] Considering the amount of changes between 4.x and 5.x, and the performance issues of the latter, I think I can safely predict that RELENG_4 will be around for a long time after the RELENG_5 branch. While I understand that some will resist making RELENG_4 any more useful than it currently is (to encourage users to move to 5.x), I think there is one issue that should be addressed: the

I am having problem with getting the src from the cvs server for a specific date I read the the man page and it said the date format is : "date=[cc]yy.mm.dd.hh.mm.ss This specifies a date that should be used to select the revi- sions that are checked out from the CVS repository. The client will receive the revisions that were in effect at the specified date and time. At present, the date

http://bugzilla.mindrot.org/show_bug.cgi?id=315 Summary: add miissing includes and defines for FREEBSD Product: Portable OpenSSH Version: -current Platform: Other OS/Version: FreeBSD Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

Hi. It would be of utmost utility if there were a way to cause the sshd "banner" configuration setting to only print the banner in certain circumstances. What I'm actually after is avoiding printing out the banner for non-interactive sessions, so that if I run "ssh somehost ls" I don't get the login banner, but if I just type "ssh somehost" I do (at

A STABLE (not updated since 12/13/02) system shows very strange behavior for devices with a minor mode greater than 256. tcpdump does not work reliably and ls is, uh, "strange", using hex for the minor mode. crw------- 1 root wheel 23, 252 Apr 11 14:29 bpf252 crw------- 1 root wheel 23, 253 Apr 11 14:29 bpf253 crw------- 1 root wheel 23, 254 Apr 11 14:29 bpf254

I have a epox nforce2 motherboard and it has a phy nic built in but I can't use it. when will working driver be available??

HELO, My old CRT is a bit broken so I decided to buy new screen. I d like to get an LCD monitor. I also use FreeBSD , X ver.4.2 server and GNOME 2.2. And now my question: Do I have to setup my X for that monitor, or maybe just change name, vendor, refresh modes in my XF86Config ? I am not going to use DVI.... thanks for help MArek

Hi all. I just upgraded my server from 4.7-Stable to 5.0-Release by a full install. Now I hit a problem with the date.. the time goes much faster than normal.. maybe twice as normal... this morning I found the following kernel log in /var/log/messages May 26 17:23:58 jupiter kernel: Timecounter "i8254" frequency 1193182 Hz May 26 17:23:58 jupiter kernel: Timecounter "TSC"

Hi all! I need your help. My server doesn't respond any more. Everything crashed. How can I find out if this is a bug or it is simply overloaded? I don't have much running, just KDE with about 10 programs on each of the 16 desktops, and a few background processes. This seems much, but I often have much more stuff running, and it is not even slow. It does respond when I ping it, but

We have been having a problem with sshd on our shell server. This has been happening since March 4, 2003 or before IIRC. Initially I thought the next OS upgrade, to 4.8 would fix this. I am accustomed to haveing little things go away in a month or two. I think we jumped to 4.7-STABLE on Feb 28, 2003. Some exploit fix wasn't being MFSd to RELENG_4_7 fast enough for my nerves (cvsd?). It

Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes PAM kbd-int work with privilege separation. Contrary to what I have previously stated - it *does* handle multiple prompts. What it does not handle is multiple passes through the PAM conversation function, which would be required for expired password changing. I would really appreciate some additional eyes over the

Hello all, The long-mooted PAM merge from FreeBSD is starting _now_. This replaces the PAM password auth kludge that we have used until now with a discrete challenge-response module. This module is invoked via keyboard-interactive for protocol 2 or TIS auth for protocol 1. Warning: this is a large change and will probably break things. It has only been tested with basic password auth modules and

Hello all, I'm not able to get Kerberos5 authenticarion work together with PrivSep. According to strace, it seems that the kerberos authentication stage is performed by the user process in chrooted enviroment. The problem is that Kerberos authentication must be done by root. Is anybody working on a fix? (or am I missing something in configuration?) Thanks for any advice. -- Dan

A non-text attachment was scrubbed... Name: openssh.diff Type: text/x-patch Size: 49208 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020626/8f94fb5b/attachment.bin

resending to the whole mailing list .. ----- Forwarded message from kouril ----- Date: Wed, 26 Jun 2002 11:50:14 +0200 To: Damien Miller <djm at mindrot.org> Subject: Re: [Fwd: Kerberos buglet in OpenSSH-3.3p1] User-Agent: Mutt/1.2.5i In-Reply-To: <1025084114.12959.0.camel at mothra.mindrot.org>; from djm at mindrot.org on Wed, Jun 26, 2002 at 07:35:14PM +1000 On Wed, Jun 26, 2002 at

Hi there, I was looking for stack smashing protection under freebsd, so i found libparanoia (/usr/ports/security/libparanoia), i had only one question using the normal 'make install' (so no copy-to-libc). If i add in /ert/make.conf: CFLAGS= -O -pipe -lparanoia -L/usr/local/lib COPTFLAGS= -O -pipe -lparanoia -L/usr/local/lib Will EVERYTHING build from that time (including

Hi, I wonder if there will be a 3rd and 4th disk (additional Packages) to 4.8-Release ... or won't there like in 5.0-Release. Thanks! Zheyu -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ Bitte l?cheln! Fotogalerie online mit GMX ohne eigene Homepage!

CVSup is slow, insecure, and a memory hog. However, until now it's been the only option for keeping an up-to-date ports tree, and (thanks to all of the recent work on vuxml and portaudit) it has become quite obvious that keeping an up-to-date ports tree is very important. To provide a secure, lightweight, and fast alternative to CVSup, I've written portsnap. As the name suggests, this

If an ssh1 client initiates challenge-response authentication but does not submit a response to the challenge, and instead switches to some other authentication method, verify_response() will never run, and the kbdint device context will never be freed. In some cases (such as when the FreeBSD PAM authentication code is being used) this may cause a resource leak leading to a denial of service.