Displaying 20 results from an estimated 1000 matches similar to: "PAM_RUSER never set under ssh2?"
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
2001 Feb 10
1
[PATCH] Tell PAM about remote host earlier
I was browsing the OpenSSH sources (which are very readable, thankyou
very much) and noticed that PAM was only being told what host the user
is logging in from for account processing - not for password
processing. As I can see no reason not to put this in start_pam this is
exactly what I have done - and attached a patch to this effect.
This allows PAM to fill in rhost= in its audit messages
1999 Nov 22
1
[s-x86] OpenSSH 1.2pre14 fails on pam_open_session() ...
On Mon, 22 Nov 1999, Philip Brown wrote:
> [ Marc G. Fournier writes ]
> > debug("PAM_retval(open_session) about to run");
> > pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
>
> >
> > ===========================================
> >
> > so, its looking like I'm authenticated properly, but when trying to set up
> > the
2002 Oct 21
0
[Bug 419] New: HP-UX PAM problems with 3.5p1
http://bugzilla.mindrot.org/show_bug.cgi?id=419
Summary: HP-UX PAM problems with 3.5p1
Product: Portable OpenSSH
Version: -current
Platform: HPPA
OS/Version: HP-UX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy:
2002 Jul 16
2
HP-UX PAM with Trusted System patch
I'm fairly new to the list and new to submitting patches. Can someone
please verify the attached patch for running a HP-UX Trusted System with
PAM and OpenSSH 3.4p1? The problem seemed to be that pam couldn't verify
the user via __pamh after the call to permanently_set_uid in session.c.
So I called do_pam_session prior to the call and added a function
do_pam_set_tty in order to set the
1999 Dec 28
0
Patches to report rsaref build and to call pam_setcred
I've attached two patches. The first just changes the output of "ssh -V"
to print that it was built against rsaref if libRSAglue (which is built
as part of openssl only when it is built against rsaref) is present at
build-time. The second adds appropriate calls to pam_setcred() in sshd.
Without them, our systems can't access AFS because the PAM modules only
get tokens at a
2001 Mar 30
1
PAM and -u0
is this change ok? goal is that PAM with -u0 does not use DNS (like
without PAM).
Index: auth-pam.c
===================================================================
RCS file: /var/cvs/openssh/auth-pam.c,v
retrieving revision 1.34
diff -u -r1.34 auth-pam.c
--- auth-pam.c 2001/03/27 06:12:24 1.34
+++ auth-pam.c 2001/03/30 16:46:12
@@ -41,6 +41,10 @@
static int do_pam_conversation(int num_msg,
2002 Jun 26
3
pam session as root
Beyond any more general questions of whether pam sessions *should* be
run as root, is there an immediate security concern with moving the
pam_open_session (and pam_setcred) stuff to the parent (root) process?
(E.g., via the patch below.)
--
Mike Stone
diff -u -r1.4 auth-pam.c
--- auth-pam.c 25 Jun 2002 00:45:33 -0000 1.4
+++ auth-pam.c 25 Jun 2002 20:33:41 -0000
@@ -286,6 +286,8 @@
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
Hi All.
Attached is a patch that implements password expiry with PAM and
privsep. It works by passing a descriptor to the tty to the monitor,
which sets up a child with that tty as stdin/stdout/stderr, then runs
chauthtok(). No setuid helpers.
I used some parts of Michael Steffens' patch (bugid #423) to make it
work on HP-UX.
It's still rough but it works. Tested on Solaris 8 and
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
Hello All.
Attached is an update to my previous patch to make do_pam_chauthtok and
privsep play nicely together.
First, a question: does anybody care about these or the password
expiration patches?
Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after
the pty has been allocated but before it's made the controlling tty.
This allows the child running chauthtok to
2014 Apr 24
0
Help implementing username_format in auth PAM driver
While configuring my server with dovecot I noticed that the PAM
authentication driver does not support the username_format option as
does the password file driver. This didn't seem too hard to implement
so I through together a patch.
As you can see in the attached patch I only modify the username sent
to PAM. Despit doing this I run into the domain lost
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=118
Summary: Implement TIS (protocol 1) via PAM
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: fcusack at
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
Hello,
appended is a patch that makes it possible to use PAM both for
password authentication and TIS (i.e. s/key or opie or any other
interactive challenge/response scheme). I have developed this starting
from the patch at http://www.debian.org/Bugs/db/61/61906.html on
Debian with openssh-2.1.1p4-3. After configuring ssh with
--with-pam-tis, there are two PAM services, "sshd" and
2001 Oct 29
2
pam_open_session w/o tty on Solaris
Hello, all-
Apparently, under Solaris (I can personally confirm SunOS 5.7 and 5.8),
pam_open_session will generate a segfault if PAM_TTY is not set. The
obvious symptom of this is that OpenSSH 2.9.9p2 will segfault on any
operation that does not request a tty (do_exec_no_pty).
Based on a quick google search, this seems to have been encountered
by others, though the specific symptoms seem to
2000 Jul 03
2
2.1.1p2 HP-UX 11 PAM General Commerical Security error
Trying 2.1.1p2 on HP-UX 11 (trusted system) I get:
Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des
Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on.
Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector.
Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk"
Jul 3
2004 Sep 14
1
PATCH: Public key authentication defeats passwd age warning.
All,
I tried to sign up for this list a few weeks ago, but I don't think
it worked. After I confirmed my intention to be on the list, I only
got one single message from someone on the list, and that was it.
So, either this is a particularly quiet list, or my subscription
was dropped somehow just after it was made. So, if you could kindly
CC me directly on any responses to this, I sure would
2007 Aug 23
1
PAM_RUSER questions
By looking at the code, I saw that PAM_RUSER is not set by sshd.
Is there a reason why ?
If I write a patch to add that feature, is there a chance for it to be
included in the main distrib ?
Best regards,
Arnauld
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
Hi All.
Attached is a patch that converts pam_chauthtok_conv into a generic
pam_tty_conv, which is used rather than null_conv for do_pam_session.
This allows, for example, display of messages from PAM session modules.
The accumulation of PAM messages into loginmsg won't help until there is
a way to collect loginmsg from the monitor (see, eg, the patches for bug
#463). This is because the
2002 Feb 27
0
[Bug 127] New: PAM with ssh authentication and pam_krb5 doesn't work properly
http://bugzilla.mindrot.org/show_bug.cgi?id=127
Summary: PAM with ssh authentication and pam_krb5 doesn't work
properly
Product: Portable OpenSSH
Version: 3.0.2p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo:
2002 Feb 27
0
openssh & solaris
while trying to sort out the PAM incompatabilities between openssh 3.0.2p1
and solaris 8 and sun's pam_krb5 i got some things to work. i'm really not
sure where the appropriate place to submit patches is so for now i'm sending
them here.
this patch will allow PAM interoperability when using sun's pam_krb5 without
using the system login routine (this way X forwarding will