Displaying 20 results from an estimated 6000 matches similar to: "PAM vulnerability in portable OpenSSH"
2015 Jul 07
1
[Bug 2426] New: OpenSSH doesn't need the second call to do_pam_setcred() on non-Linux platforms
https://bugzilla.mindrot.org/show_bug.cgi?id=2426
Bug ID: 2426
Summary: OpenSSH doesn't need the second call to
do_pam_setcred() on non-Linux platforms
Product: Portable OpenSSH
Version: 6.9p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: minor
Priority: P5
2003 Aug 08
0
Problem with -current on Solaris 8 + PAM?
Hi All.
Has anyone else tried the current tree on Solaris 8? I installed a
recommended patch cluster and now I get PAM errors, but only on a
non-interactive (ie no TTY) login. I think this behaviour was introduced
with the patch cluster.
First thing is that in debug mode, the debug at auth-pam.c:534 derefs tty
which is null, and segfaults. This occurs in debug mode only and is easy
to fix.
2010 Jul 16
8
[Bug 1799] New: Unable to login through PAM on Solaris 8 x86 due to PAM_TTY
https://bugzilla.mindrot.org/show_bug.cgi?id=1799
Summary: Unable to login through PAM on Solaris 8 x86 due to
PAM_TTY
Product: Portable OpenSSH
Version: 5.5p1
Platform: ix86
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo:
2003 Sep 23
0
Multiple PAM vulnerabilities in portable OpenSSH
Subject: Portable OpenSSH Security Advisory: sshpam.adv
This document can be found at: http://www.openssh.com/txt/sshpam.adv
1. Versions affected:
Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple
vulnerabilities in the new PAM code. At least one of these bugs
is remotely exploitable (under a non-standard configuration,
with privsep disabled).
2009 Aug 28
1
PAM Authentication with OSX Snow Leopard
Hi
Apple changed from Linux PAM to OpenPAM and the dovecot pam file
(dovecot installed from macports) doesn't work anymore.
Installed pam modules are:
-r--r--r-- 1 root wheel 76640 31 Jul 09:15 pam_env.so.2
-r--r--r-- 1 root wheel 51024 31 Jul 09:15 pam_group.so.2
-r--r--r-- 1 root wheel 99776 31 Jul 09:15 pam_krb5.so.2
-r--r--r-- 1 root wheel 51552 31 Jul 09:15
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
2012 Oct 09
3
make install errors in openssh(when openpam is to be integrated with openssh)
Hi,
I want to integrate openpam with openssh in our server (which uses QNX632
operating system). I am facing some problems in the "make install" part of
openssh. Following are the steps I followed to build zlib, openssl, openpam
and openssh.
*NOTE*: Since I want the sshd and ssh binaries in my server(using QNX), I
had to cross compile the packages for QNX (environment was set to x86)
2006 Jan 16
0
passdb-pam: PAM_RHOST on FreeBSD >= 5.0 (where PAM != Linux-PAM)
This is actually something I had on my mind to write about in the past
few -stable and alpha releases, but did not get to and instead always
patched myself. Now having updated to the latest snapshot (which may
be released as beta1), I stumbled on it again:
In src/auth/passdb-pam.c, where the client host is passed to PAM, the
code looks like this:
#ifdef PAM_RHOST
const char *host =
2003 Nov 03
1
Problems with PAM and PermitRootLogin without-password
Hello all,
I was running some tests with openssh 3.7.1p2 and I noticed that
PermitRootLogin without-password does not work when PAM is enabled. In
fact, when PAM is enabled, PermitRootLogin will work as "yes" if "
without-password" is used, no matter what kind of authentication is used
for root login. Is that a bug, I missed something in the configurations,
or expected
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes
PAM authentication take place in a separate process or thread
(launched from sshpam_init_ctx() in auth-pam.c). By default (if you
don't define USE_POSIX_THREADS) the code "fork"s a separate process.
Or if you define USE_POSIX_THREADS it will create a new thread (a
second one, in addition to the primary thread).
The
2011 Mar 24
2
Problem with pam-auth and winbind
Hi
I try to use winbind rule to authenticate users in dovecot login procedure.
/etc/nsswitch.conf file:
passwd: files winbind
shadow: files winbind
group: files winbind
when I try logon from my console to dovecot (pop3 server):
# telnet komp14 110
Trying 10.10.10.38...
Connected to komp.xxx.xxx (10.10.10.38).
Escape character is '^]'.
+OK Dovecot ready.
user tt1
+OK
pass xxxxxxxxx
-ERR
2013 Oct 23
2
OpenPAM/SSHD privacy hole (FreeBSD 9.2+ affected)
Hello,
I found that in the new FreeBSD 9.2 (probably in 10 also) updated OpenPAM sources.
The big embarrassment was in pam_get_authtok.c. The problem is that even without a
valid SSH login it's possible to know the server's hostname.
az at az:/home/az % ssh 1.2.3.4
Password for az at real.hostname.com:
Changes made by "des":
2011 Aug 19
1
Password sync in 3.6.0 on OS X 10.7, Lion
My company, which is a mac-heavy shop in the printing industry, needed
to migrate to a faster file server. As our directory trees are very
large, both Samba, and Netatalk were bogging down badly on our Linux
server (Samba, due to heavy CPU usage during directory listings - the
case-sensitive file system issue, and netatalk because the cnid db was
getting too big).
Our solution was to switch to a
2014 Apr 24
0
Help implementing username_format in auth PAM driver
While configuring my server with dovecot I noticed that the PAM
authentication driver does not support the username_format option as
does the password file driver. This didn't seem too hard to implement
so I threw together a patch.
As you can see in the attached patch I only modify the username sent
to PAM. Despite doing this I run into the domain lost
2006 Mar 25
0
in_place_collection_editor
Hi,
I'm trying to write a helper for Scriptaculous' InPlaceCollectionEditor
component. I've already submitted a patch
(http://dev.rubyonrails.org/ticket/4302). This was a drunk patch; it
needs a bit of work (Don't drink & code!). So far I've gotten it to work
correctly with normal collections, but I want to use it for belongs_to
relations as
2003 Dec 03
1
LinuxPAM woes on the 3.6 series of openssh portable - strange behaviour
All,
I hate to ask what's going to boil down to a configuration issue (I think)... and before I start pouring through the
code I'm hoping someone can just point out what's going on.
Essentially, on a particular "flavor" of our redhat linux 8 boxes PAM always seems to be called/fail before any real
authentication takes place. On other boxes, this is not the case. Normally
2008 May 23
1
how to debug ssh slow connection issues.
I do not have any ideas on this.
Where should I start.
[root at 192.168.1.80 security]# date && time ssh -v 192.168.1.21 date
Fri May 23 11:43:53 EDT 2008
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /root/.ssh/config
debug1: Applying options for 192.168.1.21
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1:
2015 Nov 19
4
[Bug 2502] New: using AuthenticationMethods to require s/key and pam doesn't work
https://bugzilla.mindrot.org/show_bug.cgi?id=2502
Bug ID: 2502
Summary: using AuthenticationMethods to require s/key and pam
doesn't work
Product: Portable OpenSSH
Version: 7.1p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
2000 Jul 12
0
Announce: portable OpenSSH 2.1.1p3
The 2.1.1p3 release of portable OpenSSH has been uploaded to the
OpenBSD ftp master site. In a few hours it will be available from one
of the many mirrors listed at:
http://www.openssh.com/portable.html
This release fixes several bugs reported since the previous release
and extends portability to NeXT and Reliant Unix.
As usual, the OpenBSD team has been hard at work further polishing and