Displaying 20 results from an estimated 900 matches similar to: "Puzzled about PAM support in OpenSSH-3.7.1p2"
2003 Dec 14
1
fakepw auth.c question
this is at the bottom of auth.c. What is it?
struct passwd *
fakepw(void)
{
static struct passwd fake;
memset(&fake, 0, sizeof(fake));
fake.pw_name = "NOUSER";
fake.pw_passwd =
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
fake.pw_gecos = "NOUSER";
fake.pw_uid = -1;
fake.pw_gid = -1;
fake.pw_class =
2006 Oct 27
1
Requirement for sshd account since 4.4p1
Hi,
there's a change made to 4.4p1, which gave some irritation on the Cygwin
mailing list. It's a change from 20060907:
- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
Magnus Abrante; suggestion and feedback dtucker@
NB. this change will require that the privilege separation user must
2003 Oct 28
2
Privilege separation
Hello!
Please consider including the attached patch in the next release. It
allows one to drop privilege separation code while building openssh by using
'--disable-privsep' switch of configure script. If one doesn't use privilege
separation at all, why don't simply allow him to drop privilege separation
support completely?
--
Sincerely Your, Dan.
-------------- next part
2004 Jul 01
4
[Bug 559] PAM fixes
http://bugzilla.mindrot.org/show_bug.cgi?id=559
------- Additional Comments From dtucker at zip.com.au 2004-07-01 13:40 -------
(From update of attachment 292)
OK, except for the last bit, I think this is all done.
>+#ifdef USE_PAM
>+ options.permit_empty_passwd &&
>+#endif
This is done in auth-passwd.c:
if (*password == '\0' &&
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=118
Summary: Implement TIS (protocol 1) via PAM
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: fcusack at
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
Hello,
appended is a patch that makes it possible to use PAM both for
password authentication and TIS (i.e. s/key or opie or any other
interactive challenge/response scheme). I have developed this starting
from the patch at http://www.debian.org/Bugs/db/61/61906.html on
Debian with openssh-2.1.1p4-3. After configuring ssh with
--with-pam-tis, there are two PAM services, "sshd" and
2002 Nov 24
1
[PATCH] PamServiceNameAppend
Hello,
Here's the situation I'm facing : I'm running OpenSSH on a server. On
a gateway, I forward TCP:22 to the server TCP:22. So far, so good. I can
log in from inside the lan by connecting using standard SSH port, or
from the other network through the gateway.
Now, I'd like a different configuration for connections from the
outside. I start another SSHd on the
2012 Feb 04
8
Potential memory leak in sshd [detected by melton]
Hi all,
After the memory leaks (bug 1967
<https://bugzilla.mindrot.org/show_bug.cgi?id=1967>) I reported in
bugzilla are fixed,
I also applied melton(http://lcs.ios.ac.cn/~xuzb/melton.html)
to detect the potential bugs in sshd (openssh-5.9p1).
The url below is the index of bug reports that are checked as real
bugs manually.
2011 Nov 22
2
user creation before authentication
Hi,
I am working on the following SSH solution and I need some help:
1. User ssh against my node where he/she does not have an account
2. Firstly the node synchronize its user database from a remote db
with ldap. (just refresh the database, no authentication here)
3. Authenticate the user with a PAM module
I am using my synchronisation script as a PAM module but it seems that
the authentication
2002 Jul 30
0
patch: disable credential forwarding after password auth.
Dear list,
since the order of authentication and AFS token/KRB TGT forwarding
changed (around 3.0), we have had problems with users accidentally
overwriting their credentials from a "password" login with forwarded
credentials. E.g. user A logs in as user B, but stays with the AFS
permissions of user A. A workaround is to use "-k" on these sessions,
but "it worked without
2002 Dec 05
1
patch to add a PAMServiceName config option
I append a patch against openssh-3.5p1.tar.gz which adds a config option
PAMServiceName. The option allows one to specify the PAM service at
runtime in the config file rather than using __progname or having it
hardwired to SSHD_PAM_SERVICE at compile time. I expect this to be useful
if one wants to run multiple instances of sshd using different PAM
configurations.
With this patch
2002 Jun 27
1
[PATCH] kbdintctxt->nreq test
If the info_response code is going to test that the # of responses is < 100,
then the info_request code should check that < 100 prompts are sent. It
would be rude to send 101 prompts and then fail when the responses come
back.
I actually think the test should be removed altogether, the limit seems
quite arbitrary, but here is a patch to not send > 100 prompts. With
this patch, the test
2002 Nov 20
0
[PATCH #9] Password expiration via /bin/passwd.
This is an attempt to simplify the AIX expiry-via-passwd stuff and make
it more generic. (There's actually a net reduction in #ifdefs).
Patch against CVS:
1) configure finds passwd.
2) sshd uses passwd during session if required.
3) sshd uses passwd for PAM change if privsep disabled.
4) sshd uses Buffers for expire and post-login messages (no longer AIX
specific).
5) password_change_required
2003 Jan 07
2
Test for locked account in auth.c (bug #442).
Hi Damien,
I noticed you merged a couple of ifdefs in the fix for bug #442. The
cvs comment says "Fix Bug #442 for PAM case". The code is now roughly:
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
spw = getspnam(pw->pw_name);
passwd = spw->sp_pwdp;
#else
passwd =
2003 Jul 09
0
[PATCH] Add expired password handling for AIX.
Hi All.
Attached is a patch which adds AIX native password expiry support to
sshd. It will only apply to -current and is a subset of the patch I have
been working on in the last few months (see bug #14 [1]). It contains
code by Pablo Sor, Mark Pitt and Zdenek Tlusty and fixes for bugs reported
by many others (see [2] for a full list).
It adds a do_tty_change_password function that execs
2007 Oct 22
5
How to hook into model attribute changes?
Hi,
What''s the best way to hook into any changes made to the value of a
single model attribute? I need to know when the encrypted_password
attribute on my User model changes i.e. when the user has changed their
password. I''m not interested in the actual changed value, I just need to
know when it''s been changed so that I can regenerate their API key as
well.
Thanks in
2004 Sep 07
0
Please review openssh patch for selinux
As posted, here is an updated patch which allows openssh to be built
with non-selinux config.
(Hi openssh guys, forwarding this to you incase you interested including
it into the devel version of openssh. Please let us know if you have any
suggestions or changes that need to be made)
Regards
Nigel Kukard
On Thu, Sep 02, 2004 at 04:11:54PM -0400, Daniel J Walsh wrote:
> New SSH patch.
>
2003 Nov 18
4
3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwor ds
It works for the "yes" case but not for the "without-password" case.
The function that checks (auth_root_allowed(auth_method) is special
cased for "password". The Pam case sends "keyboard-interactive/pam"
which like all other authentication methods except password succeeds.
Here is a patch to make it work for me. Please feel free to criticize
as
2000 Oct 07
0
OpenSSH changes for BSD/OS
The following are patches against openssh 2.1.1p4 to add
support for the BSD_AUTH authentication mechanisms. It allows the
use of non-challenge/response style mechanisms (which styles are
allowed my be limited by appropriate auth-ssh entries in login.conf).
The patches also add support for calling setusercontext for the
appropriate class when called with a command (so that the PATH, limits,
2002 Feb 12
1
openssh + pam errors (fwd)
heres a fix for pam support im openssh, inline and attached.. openssh
calls do_pam_session early, before a fork(). it does this on the proc
still running as root, so it checks the users limits, against what root
has running, and depending on limits can fail at the fork() (and almost
always does). this patch moves it past the fork. ive been running it for
a couple of weeks and everything seems