Displaying 20 results from an estimated 600 matches similar to: "Requiring multiple auth mechanisms"
2001 Oct 09
1
TISviaPAM patch
Here is a patch that does TIS auth via PAM. It's controlled by a switch
in the sshd_config. You'd use it by having a PAM module that sets
PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs.
The patch is against the 2.9.9p2 distribution.
I'm not on the list, a reply if this patch is accepted would be great.
(But not required, I know some folks have a distaste for
2009 Oct 29
1
Match vs. ChallengeResponseAuthentication?
Hello,
We'd like to allow passwords only from the local network, and allow public key auth from on-campus or off-campus. The server runs SuSE Linux, and we might do the same on RHEL/CentOS & Mac OS X if we can get it to work.
Unfortunately, Match allows PasswordAuthentication but not ChallengeResponseAuthentication. Is there any reason ChallengeResponseAuthentication cannot be
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2002 Jul 25
3
[PATCH] prevent users from changing their environment
We have a system on which users are given a very restricted environment
(their shell is a menu) where they should not be able to run arbitrary
commands. However, because their shell is not statically linked, ld.so
provides a nice clutch of holes for them to exploit. The patch below
adds a new configuration option to sshd which quashes their attempts
to set LD_PRELOAD etc. using ~/.ssh/environment
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2003 Mar 02
0
[RFC][PATCH] Require S/KEY before other authentication methods.
I need a way to make sshd require S/KEY authentication to succeed before
allowing either password or public-key authentication.
Currently, we can only have S/KEY+password, by using PAM for
authentication, and configuring PAM accordingly. But PAM of course can't
handle SSH public keys.
I thought for a while that ideally we could actually use PAM to tell
sshd what methods of authentication to
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2008 Feb 06
2
[PATCH] Out-of-band challenge (OBC) authentication method
This patch (https://bugzilla.mindrot.org/show_bug.cgi?id=1438) creates a
kbdint device that provides a server-based authentication mechanism. The
server generates and emails you a random string when you attempt to
login. You're authenticated if you can correctly answer the challenge.
You can use a regular email account, a pager, cell phone or other email
capable device to receive the
2004 Sep 08
2
Multiple domains
How do I setup Dovecot to read both local UNIX account maildirs and a
separate virtual user area? Or do I need to run two servers?
Daniel
2001 Apr 09
1
input_userauth_request() vs. stateful authmethods
The way things are now, input_userauth_request() calls the authmethod,
and then does a bunch of checks, like the special case for root. If
an authmethod requires a challenge-response conversation, these checks are
skipped, unless they are duplicated by the authmethod. For example, in
auth2-chall.c, some of the code is duplicated (logging, sending the
reply), but the root special case is skipped.
2005 Feb 21
2
Conecting to asterisk server through NAT usingIAX
Hallo
Did you allow udp outgoing on 4569 as well.. i found
udp bit different than
tcp when comming to firewalls
liaan
----- Original Message -----
From: "Bartosz Wegrzyn - asterisk" <junk@lexon.ws>
To: <timebandit001@gmail.com>; "Asterisk Users Mailing
List - Non-Commercial
Discussion" <asterisk-users@lists.digium.com>
Sent: Monday, February 21, 2005 12:29
2009 Oct 02
1
IAX2 Call rejected, CallToken Support required
Hi All,
I am using Asterisk 1.4.26.2 and I am getting the following problem
making connections to this server. My other servers are Version 1.2.x
which have no problems and this 1.4.26.2 server can call the other 1.2.x
servers.
The error is:
chan_iax2.c:4251 handle_call_token: Call rejected, CallToken Support
required. If unexpected, resolve by placing address 192.168.25.250 in
the
2007 Mar 22
1
ChallengeResponseAuthentication defaults to no?
Hello,
I have just installed OpenSSH 4.6p1 and it appears that ChallengeResponseAuthentication is not allowed unless I explicitly set it to "yes" in the sshd_config file. I am using the same config file as I did with 4.5p1 where it was allowed by default. Also, this is OpenSSH package from sunfreeware, but I believe that both versions were compiled with the same options.
Is this the
2001 Apr 06
1
-n vs batch_mode vs batch_flag
How is -n supposed to work? When you say ssh -n, it sets stdin_null_flag
but not batch mode. When the client is choosing authmethods, there is a
batch_flag that is tested to see (presumably) if we are in batch mode or
perhaps if -n has been given. But nothing sets it. It looks like it's
supposed to point to options.batch_mode, but it's never even initialized!
Even if it did point to
2005 Sep 23
2
Multiple authentication databases
Hello,
I'm trying to setup multimple auth. databases with Dovecot 1.0 alpha2.
I wrote in dovecot.conf next lines
(as was described at http://wiki.dovecot.org/moin.cgi/MultipleAuth)
auth_debug = yes
auth_verbose = yes
auth default {
mechanisms = plain
user = root
passdb sql {
args = /usr/local/dovecot/etc/dovecot-mysql.conf
}
passdb pam
2005 Aug 16
1
2nd postgresql server to connect when 1st fail
I need to have mail service working even when my postgresql server
will fail. In postfix i set 2 different servers and if 1st fail,
postfix try to use 2nd. Is there any way to do this in dovecot?
----------------------------------------------------------------------
Zostan internetowa dziewczyna wakacji! > http://link.interia.pl/f18ac
2005 Jan 13
2
Firefly repeats registering to * server
This may not strictly be an asterisk question, but not sure where else
to post ...
I have an Asterisk test server setup with two firefly clients, one on
the local lan and one on an external ip address. Both clients are setup
the same way and voice calls work fine. The asterisk console reports a
"Registered" message for the external client at about one minute
intervals but the
2005 Aug 15
12
Voipbuster blocking Asterisk/IAX connections?
What settings are people using? I've seen the ones from dslreports but
I'm in that lucky group of people that paid the 1 euro just to have it
no longer work. Even after I setup a additional account over the
weekend it still doesn't work. And, of course, etherreal only shows
encrypted traffic so I can't snag any config settings from it.
Any assistance?
-----Original
2005 Feb 24
3
Suggestion: SSHD pseudo/fake mode. Source available.
Hi,
SSH brute force attacks seem to enjoy increasing popularity. Call me an
optimist or a misrouted kind of contributer to the community, but on our
company server I actually go through the logs and report extreme cases
to the providers of the originating IP's. With the increasing number of
these attacks, however, I have now decided that it's better to move the
SSHd to a different
2001 May 08
1
HostbasedAuthentication, and my sillyness
Maybe I just can't read properly, but I just spent the best part of a
day trying to work out why HostbasedAuthentication wouldn't work for
me (with protocol 2 in openssh-2.9p1).
It seems (though maybe there is something wrong with my install), that
after enabling it in the sshd_config it doesn't work, since the client
will not in fact request it (by default).
I was fooled by the