similar to: --with-pam and expired passwords

I'm looking to move some Solaris 2.6 and 7 machines to openssh. Showstopper bug: openssh (up to 3.1p1) doesn't seem to correctly implement expired passwords. Looking back through the archive, it looks like Dave Dykstra submitted a patch for this problem relative to an older version of openssh at least as early as last August:

We recently upgraded to openss 5.8p2 from a somewhat older version. This broke openssh login to ScreenOS devices. These devices don't support PTY allocation. Apparently, ssh now reacts to PTY allocation failure by failing the login. This is a change from the previous behavior. The simple workaround is ssh -T $device. I see in the ChangeLog that some device would hang with PTY allocation

If I scp from/to a server that has a banner using scp -q, it still shows the banner. If I ssh -q to the same server, the banner is skipped. scp -o "LogLevel quiet" does the trick, but is excessively cumbersome. - Morty

Works on my netbsd tinkerbox. NetBSD 5.0.2 NetBSD 5.0.2 (GENERIC) It uses rlimit. Privsep sandbox style: rlimit I also get warnings during make. fmt_scaled.c: In function 'scan_scaled': fmt_scaled.c:84: warning: array subscript has type 'char' fmt_scaled.c:111: warning: array subscript has type 'char' fmt_scaled.c:155: warning: array subscript has type 'char'

http://bugzilla.mindrot.org/show_bug.cgi?id=423 ------- Additional Comments From djm at mindrot.org 2003-03-10 12:06 ------- The patch looks good, but the only thing that makes me wary is the use of signals for IPC. Would it not be possible to do the chauthtok call earlier? E.g. after the call to do_pam_session() in do_exec_pty()? ------- You are receiving this mail because: ------- You

Thanks a lot. I will check it. We do not use kerberos - is it necessary ? Bye, Peer On 03.01.2018 15:15, L.P.H. van Belle via samba wrote: > Hi Peer, > > This is my output, this account testaccount1 was created 2 minutes ago before the tests below. > > passwd testaccount1 > Current Kerberos password: > Enter new Kerberos password: > Retype new Kerberos password: >

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

http://bugzilla.mindrot.org/show_bug.cgi?id=808 Summary: segfault if not using pam/keyboard-interactive mech and password's expired Product: Portable OpenSSH Version: 3.8p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: PAM support

Hi, I am authenticating users on our linux servers using nslcd/pam_ldap. Authentication is fine, however, it is not possible for the user to change the password from the server. Is there a way to make it work ? [Guilherme at server ~]$ passwd Changing password for user Guilherme. passwd: Authentication token manipulation error Oct 8 14:37:53 server passwd: pam_unix(passwd:chauthtok): user

The various pages about samba 4 warn about rough edges, upgrade, file services, and print services. I have some domains that have never had a Windows domain that now need Windows AD authentication. I don't need file services and print services, and upgrade is not a problem. Is samba 4 ready for this use case, or should we still go with Microsoft's AD? Thanks! - Morty

After upgrading to 3.4.0, I can no longer add new users. Any users that were added beforehand work fine. Any users that I attempt to create cannot login (error: NT_STATUS_LOGON_FAILURE). I was able to get one new user account to work (see below), but I cannot add any new users. The server is Ubuntu 9.10 running Samba 3.4.0. I am using: security = user pam password change = yes Updating

Hello! I'm new here and first sorry for my bad english im from germany and years out of school :) I'm Trying to find a way to Play protected blu-rays under linux and finaly i trying to run powerdvd10 demo under wine. but i have now problems that is beyond my means. The installatin of Powerdvd works with errors but it run until the end. the errors come from missing dlls in the system amd

Hi, The Solaris password requirements like a. no empty password b. minimum 6 chars etc for a regualr user are not enforced when a password expired user is changing password at the SSH login prompt. The version of openSSH I am using is 3.8.1 and Solaris 8 is where the sshd is running. Is anybody aware of this problem? Is there some configuration option I can use to enforce these password

Hi all, Is there a straightforward way to enable the none cipher for v1 and v2 in the server? Please include my email address in your reply, as I'm not subscribed to this list. Thanks! Mordy -- Mordy Ovits Network Engineer Bloomberg L.P.

I'm trying to create a free standing VM that doesn't connect to a bridge. This is supposedly do able according to the WIKI: https://libvirt.org/formatdomain.html#elementsNICSEthernet But with a config similar to: <interface type='ethernet'> <target dev='mytap1' managed='no'/> <model type='virtio'/> </interface> When

Hi Rowland, This is a CentOS 6.7 server. I was able to make some progress. I have edited /etc/pam.d/system-auth, and now it looks like: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account

http://bugzilla.mindrot.org/show_bug.cgi?id=564 ------- Additional Comments From djm at mindrot.org 2003-07-30 11:48 ------- Maybe UsePAM should be a tri-state: "kbd-int", "no" or "always". This is ugly - suggestions wanted. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hi, I am having a problem with the issue of changing the password for an expired user (passed -f <user>). The version of Openssh is 2.9.9p3 compiled with gcc 2.95.3, configured --with-pam. The user can login fine when the password is not expired. Once the password is expired the user is connected and told the password has expired and is asked to change it. The user is prompted for the old

greetings, I am setting up Centos 6 i686 remotely, on a new VPS. A problem I have is that I cannot set password for new users. I have created one with useradd -m new_user but when I type passwd new_user this is the result: [root at vps ~]# passwd new_user Changing password for user new_user New password: Retype new password: passwd: Authentication token manipulation error [root at vps

http://bugzilla.mindrot.org/show_bug.cgi?id=423 ------- Additional Comments From michael_steffens at hp.com 2002-11-02 02:40 ------- Created an attachment (id=162) --> (http://bugzilla.mindrot.org/attachment.cgi?id=162&action=view) Patch: Workaround for pw change in privsep mode (3.5.p1) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are