Displaying 20 results from an estimated 3000 matches similar to: "pam_setcred() without pam_authenticate()?"
2001 Sep 05
2
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>Neither the Sun PAM documentation nor the Linux-PAM documentation
>describe the semantics of PAM_REINITIALIZE_CREDS in any useful detail.
I would agree it is vague, but then that is also a problem with the XSSO
document (http://www.opengroup.org/onlinepubs/008329799/)
>Could we please have a clarification on the semantics of
>PAM_CRED_ESTABLISH vs. the semantics of
2013 Jan 19
1
PAM function ordering
Dear all,
I've been looking into hacking with some PAM modules, and thought I could
learn from the OpenSSH source (it's probably the closest thing to a
canonical cross-platform consumer of the API).
One thing I've noticed I don't understand though is how OpenSSH's
invocation of do_pam_session/setcred can work (in main of the process
forked in sshd.c). Ignoring privsep for the
2016 Mar 07
2
[Bug 2549] New: [PATCH] Allow PAM conversation for pam_setcred for keyboard-interactive authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2549
Bug ID: 2549
Summary: [PATCH] Allow PAM conversation for pam_setcred for
keyboard-interactive authentication
Product: Portable OpenSSH
Version: 7.1p2
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>> >Could we please have a clarification on the semantics of
>> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS?
>>
>> My interpretation is:
>>
>> You call PAM_ESTABLISH_CRED to create them
>> You call PAM_REINITIALIZE_CRED to update creds that can expire over time,
>> for example a kerberos ticket.
Oops. I meant
2005 Jun 29
3
sshd deletes the GSSAPI ticket on exit
Hello All,
I have run into a situation where a user exiting from a
PAM_KERBEROS-authenticated session runs the risk of deleting a
kinit-generated credentials file that was already sitting on the server. I
will explain the problem in detail, but let me begin with my question. It
has a specific reference to PAM_KERBEROS, but it can also be a general
question.
If a user (ssh) session was
2004 May 18
2
pam_setcred fails for "USE_POSIX_THREADS + non-root users + PrivSep yes"
Hello,
We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a
non-root user with PAM [pam-kerberos] then I get the following error.
debug3: PAM: opening session
debug1: PAM: reinitializing credentials
PAM: pam_setcred(): Failure setting user credentials
This is particularly for non-root users with PrivSep YES. When I connect to
a root user with PrivSep YES or to a non-root
2005 May 22
3
[Bug 926] pam_session_close called as user or not at all
http://bugzilla.mindrot.org/show_bug.cgi?id=926
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO|994 |
nThis| |
------- Additional Comments From dtucker at zip.com.au 2005-05-22 11:03 -------
2004 Jan 14
18
[Bug 789] pam_setcred() not being called as root
http://bugzilla.mindrot.org/show_bug.cgi?id=789
Summary: pam_setcred() not being called as root
Product: Portable OpenSSH
Version: 3.7.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2004 Jan 14
18
[Bug 789] pam_setcred() not being called as root
http://bugzilla.mindrot.org/show_bug.cgi?id=789
Summary: pam_setcred() not being called as root
Product: Portable OpenSSH
Version: 3.7.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2016 Mar 04
7
[Bug 2548] New: Make pam_set_data/pam_get_data work with OpenSSH
https://bugzilla.mindrot.org/show_bug.cgi?id=2548
Bug ID: 2548
Summary: Make pam_set_data/pam_get_data work with OpenSSH
Product: Portable OpenSSH
Version: 7.2p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: major
Priority: P5
Component: PAM support
Assignee:
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
2009 Jun 29
2
configure dovecot to invoke pam_setcred() from the same process that accesses ~/Maildir?
Hello. I'm wondering how one would go about configuring dovecot to
invoke pam_setcred() from the same process as (or a parent process of)
the process which eventually reads the user's mail off the disk. This
is required for pam modules that set kernel-level credentials which
are later used to access the user's mail files.
In particular, I'm trying to use dovecot with pam_krb5
2002 Jan 29
21
locked account accessable via pubkey auth
maybe this is a silly question ;-) But why is it possible to login on a
machine with a locked account (passwd -l ) via pubkey-authentication
(authorized_keys) ?
I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not
happen.
If this is the normal behaviour and built in intentionally what would be the
easiest way to lock an account without deleting the users authorized_keys ?
2015 Sep 28
4
[Bug 2475] New: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=2475
Bug ID: 2475
Summary: Login failure when PasswordAuthentication,
ChallengeResponseAuthentication, and
PermitEmptyPasswords are all enabled
Product: Portable OpenSSH
Version: 7.1p1
Hardware: ix86
OS: Linux
Status: NEW
2002 Apr 01
2
[Bug 189] pam_setcred() failures should not be treated as fatal
http://bugzilla.mindrot.org/show_bug.cgi?id=189
------- Additional Comments From stevesk at pobox.com 2002-04-01 17:49 -------
why should pam_setcred() failures not be treated as fatal?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
1999 Dec 26
2
Disabling logging during pam_authenticate
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Is there any way to disable logging of failures during
pam_authenticate?
I ask because OpenSSH is currently generating an extra "authentication
failure..." message at each login.
The problem is that OpenSSH likes to try a blank password attempting
any other authentication. This is a shortcut for anonymous SSH servers
(e.g. OpenBSD's
2002 Feb 14
2
[Bug 117] OpenSSH second-guesses PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=117
------- Additional Comments From djm at mindrot.org 2002-02-15 10:10 -------
> OpenSSH traditionally would not even start PAM, and
> now starts it specifying 'NOUSER' as the login name.
We have always used NOUSER, the recent patch just makes it consistent between
protocols 1 and 2.
> The second is to prevent username guessing
2002 Oct 29
2
Re: pam + radius
On Tue, 2002-10-29 at 05:01, Hielke Christian Braun wrote:
> i am trying to use dovecot with pam and radius. My users have names
> in the format joe at somedomain.com. When i have pam configured to use
> the normal passwd/shadow files it works fine. With radius it does not.
> I see at the radius server that the domain part of my usernames
> is always replaced with the same domain
2009 Mar 13
1
pam_authenticate() failed: authentication error
Hello,
I would like to ask for your help. I have noticed some error messages
issued by dovecot.
Mar 13 20:00:57 relay dovecot: auth-worker(default):
pam(example at example.com): pam_authenticate() failed: authentication error
(/etc/pam.d/dovecot missing?)
Not surprisingly
$ l /etc/pam.d/dovecot
ls: /etc/pam.d/dovecot: No such file or directory
The funny thing is that authentication does work
2008 May 30
2
overview of patches used in Fedora
Hi,
I have gone through the patches that are used in the Fedora package and
probably only the "mkcert-permissions" [1] can be considered to be
included upstream. It is dated into package version 1.0-0.beta2.3, but I
cannot find any particular reason for the inclusion (like a bug in
bugzilla, etc.). Some (winbind support, quota warnings) were obsoleted
by dovecot 1.1, two are used for