similar to: PAM patch for openssh 3.7.1p2

I've made some changes to buildpkg.sh to make it easier for package builders to add their local changes. I'd like people that use buildpkg.sh to test and comment on these changes before I commit them to CVS. None of the defaults have changed. Some of the patch is is just moving chunks of code to a different location to make some of the enhancements work. Some things you may find

Hello everybody, I have written a shell script that makes the building of a Solaris package of rsync easier. Because I think it is useful for other Solaris user, I wold be very happy, if somebody would include it to the source tree. There is one little things to do: - include it in the auto-configuration process, so that the version number will be set correctly. So far, Jens ----- Script

(Shame on me: wrong filename in last posting, now here are correct diffs) in contrib/solaris/ (openssh-SNAP-20011017.tar.gz) 1) buildpkg.sh makes wrong link for /etc/init.d/opensshd 2) /etc/init.d/opensshd has not-working killproc here my version tested on Solaris 2.4 and 8 (no pgrep with solaris 2.4, XARGS was undefined, simpler syntax) J?rg --- contrib/solaris/buildpkg.sh Fri Oct 12

Can someone else from the Solaris realm that uses our package system verify that this should be done? It looks right, but I want another opinion before commiting. - Ben > On Wed, 27 Feb 2002, Antonio Navarro wrote: > >> Hi Ben, >> >> I have made some modifications to the buildpkg.sh script that is >> distributed with openssh. >> >> I am sending it to

Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes PAM kbd-int work with privilege separation. Contrary to what I have previously stated - it *does* handle multiple prompts. What it does not handle is multiple passes through the PAM conversation function, which would be required for expired password changing. I would really appreciate some additional eyes over the

The following is a patch (based on FreeBSD code) which gets kbd-int working with privsep. It moves the kbd-int PAM conversation to a child process and communicates with it over a socket. The patch has a limitation: it does not handle multiple prompts - I have no idea how common these are in real-life. Furthermore it is not well tested at all (despite my many requests on openssh-unix-dev@). -d

https://bugzilla.mindrot.org/show_bug.cgi?id=1795 Summary: An integer variable "num" in mm_answer_pam_query() is not initialized before used Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support

Hi, thanks for this great work. Just a minor point - maybe you should mention the rm -rf $FAKE_ROOT command within your README file: It caught me unexpected and I was looking a couple of minutes for the package artifact before I actually read the last line. Regards, Burkhard Kohl Lead Engineer Content Management burkhard.kohl at intershop.de INTERSHOP? http://www.intershop.de INTERSHOP

Hi *, I have set up a very simple asterisk configuration where I intend to be redirected to the voicemail whenever I dial 100 with my kphone SIP client. The problem is that asterisk can not find the stream 'vm-theperson'. I have made a non-standard installation (since I am just testing), and that file is located in /mnt/tr2/fake_root/installed/usr/local/var/lib/asterisk/sounds. 1. How

Hello All, Attached is a patch makes the following changes to contrib/aix relative to 3.1p1: * Gets version number from ssh -V as suggested by Tim Rice. * Does a better job of generating valid AIX package version numbers (fixes inutoc "format of the toc file is invalid" and "invalid level" errors reported by Mandar Mirashi). * Tests for "make install" failure and

Hi all. As Corinna pointed out, there are some cases where sshd will log some authentications twice when privsep=yes. This can happen on any platform although it seems most obvious on the ones that don't do post-auth privsep. It also occurs when sshd logs to stderr (eg running under daemontools) or when you have a /dev/log in the privsep chroot. The patch below attempts to solve this for

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The

Hello All, This is a resend of a patch I posted nearly two weeks ago. As of a few minutes ago, it hasn't been committed and thus the AIX package builds from CVS fail. (I know because I now have a cron job that tells me :-) Could someone please review and commit the attached patch and chmod a+x contrib/aix/*.sh, or let me know what needs to be changed? It makes the following changes

http://bugzilla.mindrot.org/show_bug.cgi?id=423 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));

Some time ago, Ben wrote about a PrintLastLog patch: > If the person who originally submitted it wants to write a complete > patch and submit it. Then we would be happy to debate if it will be > included. Well, here it is, because: "You Asked For It!" PS: I'm tired of maintaining my own version of Debian's ssh just to have this option available, so I hope you find

Hey everyone, I wanted to add support for denying PTY allocation through OpenSSH. I'm not certain if this is quite thorough enough for all cases, but for me it might work for the moment. I know that you can currently do this through authorized_keys, but as far as I know that only works for an actual key. In my use case, I wanted a user with no password which is forced to run a specific

I'm using Samba 220, Solaris 2.8/Sparc, Sun Forte C Compiler. I ran ./configure using --with-pam so I could use winbind. During compilation, I get the following warning messages: ............ Compiling passdb/secrets.c Compiling passdb/pass_check.c "passdb/pass_check.c", line 671: warning: statement not reached Compiling passdb/ldap.c Compiling passdb/nispass.c Compiling

Hi. Solaris packages created by buildpkg.sh don't create privsep user or group and sshd won't start until they are created (or privsep is disabled): ## Executing postinstall script. starting /usr/local/sbin/sshd... Privilege separation user sshd does not exist /etc/init.d/opensshd: Error 255 starting /usr/local/sbin/sshd... bailing. The attached patch (against -cvs) ports the relevant

The patch below implements a couple of features which are useful in an environment where users do not have a regular shell login. It allows you to selectively disable certain features on a system-wide level for users with a certain shell; it also allows you to control and audit TCP forwarding in more detail. Our system is an email server with a menu for the login shell; we selectively allow port