similar to: [Patch] PAM Service name option

I append a patch against openssh-3.5p1.tar.gz which adds a config option PAMServiceName. The option allows one to specify the PAM service at runtime in the config file rather than using __progname or having it hardwired to SSHD_PAM_SERVICE at compile time. I expect this to be useful if one wants to run multiple instances of sshd using different PAM configurations. With this patch

https://bugzilla.mindrot.org/show_bug.cgi?id=2246 Bug ID: 2246 Summary: PAM enhancements for OpenSSH server Product: Portable OpenSSH Version: 6.6p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee: unassigned-bugs at

Currently, openssh's PAM service name is a compile-time choice. That's fine when one uses one sshd to serve normal shell logins and the like. But this will not work IF sshd is nor run as root (which I don't want it to do), because pam_open_session usually requires access to one's shadow information (for account expiration perhaps?), and there is no way (and need: this sshd is

Hello, Here's the situation I'm facing : I'm running OpenSSH on a server. On a gateway, I forward TCP:22 to the server TCP:22. So far, so good. I can log in from inside the lan by connecting using standard SSH port, or from the other network through the gateway. Now, I'd like a different configuration for connections from the outside. I start another SSHd on the

Hello All, The attached patch allows openssh to specify which pam service name to authenticate users against by specifying the PAMServiceName attribute in the sshd_config file. Because the parameter can be included in the Match directive sections, it allows different authentication based on the Match directive. In our case, we use it to allow different levels of authentication based on the

Hello, appended is a patch that makes it possible to use PAM both for password authentication and TIS (i.e. s/key or opie or any other interactive challenge/response scheme). I have developed this starting from the patch at http://www.debian.org/Bugs/db/61/61906.html on Debian with openssh-2.1.1p4-3. After configuring ssh with --with-pam-tis, there are two PAM services, "sshd" and

On 12/11/2024 12:39, anctop wrote: > It seems that release 9.9p1 does not use the binary filename as the > PAM service name, but sticks to "sshd" for all instances. man sshd_config: ???? PAMServiceName ???????????? Specifies the service name used for Pluggable Authentication Modules (PAM) authentication, authorisation and session controls when ???????????? UsePAM is

Hi, Many thanks for your prompt answer. We overlooked this new option because it was not available in the 9.3p1 config. On Tue, 12 Nov 2024 at 20:52, Brian Candler <b.candler at pobox.com> wrote: > > On 12/11/2024 12:39, anctop wrote: > > It seems that release 9.9p1 does not use the binary filename as the > PAM service name, but sticks to "sshd" for all

https://bugzilla.mindrot.org/show_bug.cgi?id=2102 Bug ID: 2102 Summary: [PATCH] Specify PAM Service name in sshd_config Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: PAM support

http://bugzilla.mindrot.org/show_bug.cgi?id=559 Summary: PAM fixes Product: Portable OpenSSH Version: 3.6.1p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: fcusack at fcusack.com - start PAM

http://bugzilla.mindrot.org/show_bug.cgi?id=117 ------- Additional Comments From fcusack at fcusack.com 2002-04-16 23:27 ------- sshd should definitely not be using 'NOUSER'. The correct thing is to use the username, regardless of whether (pw) exists. I can't understand why you would substitute the value 'NOUSER'. ------- You are receiving this mail because: -------

Hello, on my Debian woody system, I tried to get sshd to accept OPIE (one time password) authorization through PAM. This currently fails because there is no way to permit the OPIE challenge to be displayed at the password prompt. Starting from the patch at http://www.debian.org/Bugs/db/61/61906.html I managed to get OPIE working. However, the patch above is not very clean in that it replaces

Hello folks, this looks about the only place I can find on issues dealing with the subject line. The message that got me posting is included below the line of *'s. Basically I've tried getting this working with Pam authentication and using the new login binary that comes with Opie 2.32. No joy. I am using RedHat 6.0 OpenSSH 2.3.0p1 Pam 0.66-18 I can get the opie challenge only on a

Any chance PAMServiceName could be added as a Match option? It would be great to have a different PAM config (MFA, etc.) based on source address. -- Carson

Hi, I've configured opie (one time passwords) under FreeBSD and I came across the following problem. It looks like libpam does not stop the authentication process when a 'requisite' module fails. I find this strange as the pam 'requisite' is defined in the man pages as: requisite - failure of such a PAM results in the immediate termination of the authentication process; Here

http://bugzilla.mindrot.org/show_bug.cgi?id=629 Summary: sshd_config & PAM backwards compatibility Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P5 Component: PAM support AssignedTo: openssh-bugs at mindrot.org

I've attached a patch relative to OpenSSH 2.5.1p1 which sets the default PAM service name to __progname instead of the hard-coded value "sshd". This allows you to have multiple invokations of sshd under different names, each with its own PAM configuration. Please let me know if you have any questions or problems. -- Mark D. Roth <roth at feep.net> http://www.feep.net/~roth/

Hi ! Sorry to bring back the infamous "NOUSER" in the conversation but I didn't get the workaround on that problem. Firstly, I'm using : - openssh-3.1p1-15 which is the version which comes by default with my Red Hat Linux Advanced Server release 2.1AS. - I'm using PAM, set up to use radius. Please find below the /etc/pam.d/sshd file : #%PAM-1.0 auth

Hi, we encounter a problem using PAM with privsep to manage OPIE authentication : in some -- not really reproducible -- cases, the child responsible of PAM authentication stalls and continues to run even if its parent has been closed. The server is the standard RHEL 4 install, which is a 3.9p1 with backported security patches As this children account for the 'MaxStartups' limit, new

This patch adds a config file option 'PAMService' that sets the PAM service sshd will use. It should leave the current behavior unchanged if PAMService is not set in the config file (i.e. use __progname for the service or SSHD_PAM_SERVICE if it's set at compile time). The patch is against the current portability release in CVS. Why would you want something like this? I have a machine