Displaying 20 results from an estimated 200 matches similar to: "Fix for USE_POSIX_THREADS in auth-pam.c"
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All.
This patch calls pam_chauthtok() to change an expired password via PAM
during keyboard-interactive authentication (SSHv2 only). It is tested on
Redhat 8 and Solaris 8.
In theory, it should have simply been a matter of calling pam_chauthtok
with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is
if it's expired, right? From the Solaris pam_chauthtok man page:
2003 Sep 23
5
PAM sessions and conversation functions
In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function,
do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2,
this is no longer the case: session modules run with a conversation
function that just returns PAM_CONV_ERR. This means that simple session
modules whose job involves printing text on the user's terminal no
longer work: pam_lastlog, pam_mail, and
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
Hi All.
Attached is a patch that converts pam_chauthtok_conv into a generic
pam_tty_conv, which is used rather than null_conv for do_pam_session.
This allows, for example, display of messages from PAM session modules.
The accumulation of PAM messages into loginmsg won't help until there is
a way to collect loginmsg from the monitor (see, eg, the patches for bug
#463). This is because the
2003 Aug 08
0
Problem with -current on Solaris 8 + PAM?
Hi All.
Has anyone else tried the current tree on Solaris 8? I installed a
recommended patch cluster and now I get PAM errors, but only on a
non-interactive (ie no TTY) login. I think this behaviour was introduced
with the patch cluster.
First thing is that in debug mode, the debug at auth-pam.c:534 derefs tty
which is null, and segfaults. This occurs in debug mode only and is easy
to fix.
2004 Sep 14
1
PATCH: Public key authentication defeats passwd age warning.
All,
I tried to sign up for this list a few weeks ago, but I don't think
it worked. After I confirmed my intention to be on the list, I only
got one single message from someone on the list, and that was it.
So, either this is a particularly quiet list, or my subscription
was dropped somehow just after it was made. So, if you could kindly
CC me directly on any responses to this, I sure would
2007 May 24
2
[RFC][PATCH] Detect and handle PAM changing user name
I've implemented a patch to openssh which allows the PAM auth layer
to detect if the PAM stack has changed the user name and then adjusts
its internal data structures accordingly. (imagine a PAM stack that
uses individual credentials to authenticate, but assigns the user to
a role account).
First, is the openssh community interested in this patch?
Second, if there is interest in the patch,
2003 Dec 07
0
[PATCH] Do PAM chauthtok via keyboard-interactive.
Hi All.
Attached is another patch that attempts to do pam_chauthtok() via SSH2
keyboard-interactive authentication. It now passes the results from the
authentication thread back to the monitor (based on a suggestion from
djm).
Because of this, it doesn't call do_pam_account twice and consequently
now works on AIX 5.2, which the previous version didn't. I haven't tested
it on any
2003 Nov 13
0
[PATCH] Perform do_pam_chauthtok via SSH2 keyboard-interactive.
Hi All.
Attached is a patch to perform pam_chauthtok via SSH2
keyboard-interactive. It should be simpler, but since Solaris seems to
ignore the CHANGE_EXPIRED_AUTHTOK flag, it calls do_pam_account to check
if it's expired. To minimise the change in behaviour, it also caches the
result so pam_acct_mgmt still only gets called once.
This doesn't seem to work on AIX 5.2, I don't know
2006 Jan 19
5
Only one chance to enter a new password?
Hello there,
We are using OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004 on various
Solaris boxes with PAM and an LDAP server back end.
Recently we have added a requirement for users to have complex
passwords. The problem is, if a user's password has expired, when they
log in they are prompted for a new password (good) but if they enter a
non-complex new password the session is closed rather than
2004 Dec 28
2
LinuxPAM and sshd: changing conversation function doesn't work but claims to.
Hi.
I'm one of the OpenSSH developers, and I've done some of the work on
sshd's PAM interface recently.
I've discovered some behaviour peculiar to LinuxPAM that I can't
explain: changing the conversation function does not appear to work,
even though the pam_set_item() call claims to succeed. The previous
conversation function is still called.
Background: the PAM API
2010 Jul 16
8
[Bug 1799] New: Unable to login through PAM on Solaris 8 x86 due to PAM_TTY
https://bugzilla.mindrot.org/show_bug.cgi?id=1799
Summary: Unable to login through PAM on Solaris 8 x86 due to
PAM_TTY
Product: Portable OpenSSH
Version: 5.5p1
Platform: ix86
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo:
2005 Feb 01
3
Feature request: FAIL_DELAY-support for sshd
Hello!
My Linux-server is every day attacked with brute-force password cracking
attacks. I use openssh-3.9p1 (SuSE Linux 9.2) with standard setup (PAM,
LoginGraceTime 2m, MaxAuthTries 6). Unfortunately, I see cracking
attempts with very short delays (1 second):
Jan 31 00:46:53 XXX sshd[10774]: Invalid user backup from
::ffff:66.98.176.50
Jan 31 00:46:54 XXX sshd[10776]: Invalid user server
2004 Feb 27
0
PAM patch for openssh 3.7.1p2
SecureComputing's PAM library doesn't pass back the correct context to
the pam_conversation function, i.e. it passes back NULL. So this patch
works around this fact.
likely you'll only want this hack if you expect to use pam_safeword.so
in your authentication check, and only if you run sshd in privilege
separation (separate process) mode so that the PAM conversation is
single
2009 Oct 26
17
[Bug 1667] New: sshd slow connect with 'UseDNS yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=1667
Summary: sshd slow connect with 'UseDNS yes'
Product: Portable OpenSSH
Version: 5.2p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy:
2006 Apr 27
0
bug in OpenSSH_4.3p2: pam_open_session() called but not close for root users
For root sessions pam_open_session is called, but not pam_close_session.
sshd behavior is broken for root logins because if pam session
is run from the child, close is never called due to exec:
on open
since use_privsep is not set, parent calls do_exec_pty(),
which does not open session. then, it skips calling do_setusercontext(),
so it does not open session.
child calls
2011 Oct 20
2
[Bug 1945] New: Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes
https://bugzilla.mindrot.org/show_bug.cgi?id=1945
Bug #: 1945
Summary: Only 1 of the 2 krb cache files is removed on closing
the ssh connection with UsePrivilegeSeparation=yes
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: HP-UX
Status: NEW
2003 Oct 28
2
Privilege separation
Hello!
Please consider including the attached patch in the next release. It
allows one to drop privilege separation code while building openssh by using
'--disable-privsep' switch of configure script. If one doesn't use privilege
separation at all, why don't simply allow him to drop privilege separation
support completely?
--
Sincerely Your, Dan.
-------------- next part
2020 Sep 08
23
[Bug 3210] New: Confusing errors when pam_acct_mgmt() fails
https://bugzilla.mindrot.org/show_bug.cgi?id=3210
Bug ID: 3210
Summary: Confusing errors when pam_acct_mgmt() fails
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee:
2014 Jun 18
15
[Bug 2246] New: PAM enhancements for OpenSSH server
https://bugzilla.mindrot.org/show_bug.cgi?id=2246
Bug ID: 2246
Summary: PAM enhancements for OpenSSH server
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at
2006 Sep 12
3
Weird TZ Behavior in 4.1p1 and 4.3p2 on AIX
Hi,
I am using PAM authentication on 3.8p1. In my PAM auth module I can
turn on debug logging that includes a timestamp in the form "mm/dd/yy
hh:mm:ss". Life is good.
I want to upgrade from 3.8p1 so I can use PAM for PasswordAuthentication
in addition to keyboard-interactive. I have compiled both 4.1p1 and
4.3p2 and the PAM authentication for both methods works fine in both