similar to: Error with USE_POSIX_THREADS and OpenSSH-3.8p1

Hello, We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a non-root user with PAM [pam-kerberos] then I get the following error. debug3: PAM: opening session debug1: PAM: reinitializing credentials PAM: pam_setcred(): Failure setting user credentials This is particularly for non-root users with PrivSep YES. When I connect to a root user with PrivSep YES or to a non-root

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The

OpenSSH 3.7.1p2 contains an #ifdef USE_POSIX_THREADS and simulates threads by processes if this is not defined. However, configure and config.h do not provide any means to define this. Is this already included for future releases but does not function properly if defined? Or could it be set manually in config.h and would work in Solaris?

There is a minor problem with the PAM support in OpenSSH 3.8p1. If you use POSIX threads (as specified by defining USE_POSIX_THREADS) in auth-pam.c, PAM authentication will fail in routine import_environments(). The purpose of this routine is to import variables returned by do_pam_account() in sshpam_thread(). However, those variable are only exported if USE_POSIX_THREADS is NOT set.

Hello, I have a question about SSH with Kerberos password authentication . Do I receive any host ticket to my client machine when I do ssh connection with Kerberos password authenticaiton? If dont, why? If I login to remote machine through telnet with Kerberos Password authentication [through PAM-kerberos], then I can see the tickets with klist. But with the same setup for sshd, I cannot see

On 8 June 2018 at 11:21, PGNet Dev <pgnet.dev at gmail.com> wrote: > fyi > > add'l -- and looks unrelated -- issue > /usr/include/pthread.h:251:12: note: previous declaration of ?pthread_join? was here > extern int pthread_join (pthread_t __th, void **__thread_return); What included pthread.h? That's explicitly not supported by sshd: $ grep THREAD

Greetings, I know this has been discussed (pretty much since 3.7.1) and I have been going through the archives trying to make sense of it but I am still having problems getting 3.8.1p1 to work with PAM and AFS on Solaris 8. The problem (for those who may have missed it): When I try and log in as an AFS user to a Solaris 8 box running 3.8.1p1, I can authenticate to the machine but do not

Hi All. Attached is another patch that attempts to do pam_chauthtok() via SSH2 keyboard-interactive authentication. It now passes the results from the authentication thread back to the monitor (based on a suggestion from djm). Because of this, it doesn't call do_pam_account twice and consequently now works on AIX 5.2, which the previous version didn't. I haven't tested it on any

NOTE: This patch requires a previously sent patch fixing a small problem in OpenSSH PAM support when POSIX threads are used. This is a small patch to the OpenSSH portable configuration process that I'd like to have considered for inclusion in the distributed version. It will set the use of (native) POSIX threads in Solaris if the header and library files are present on the system. At

Let me refine my previous question: > Can anyone provide some insight into why the auth-pam module uses a fork in > pthread_create (auth-pam.c)? This completely breaks the ability of one PAM function > to pass data to others via the pam_set_data/pam_get_data functions. Can anyone tell me how to #define USE_POSIX_THREADS when building --with-pam defined? The autoconfig stuff

The "--disable-strip" configure option is required as the Solaris9-X86 linker/loader will not be able to load any of the executables and will display a "Killed" message. Similarly, 'ldd' will fail with a "file has insecure interpreter" error message. Performing a loader or ldd test from the OpenSSH installation directory on the compiled executables within the

Hello, This problem is regarding the configuration directive called 'LoginGraceTime'. Problem Description: Tests were done with OpenSSH -3.6.1p2 and 3.7.1p2 on HP-UX. sshd is started with LoginGraceTime as 1 minute.Three windows were used to initiate the ssh client.After launching two clients wait for a sometime without issuing the password so it exceeds the grace period for login.when

http://bugzilla.mindrot.org/show_bug.cgi?id=793 Summary: [RELENG] Bugs blocking 3.8p1 Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: critical Priority: P2 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org ReportedBy: dtucker at

http://bugzilla.mindrot.org/show_bug.cgi?id=423 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional

Hi, on my system (Linux 2.6.18.8 - ia64), if a domain write on the xencons before xenconsole is initialized the domain gets back what it wrote. This patch fixes this issue by making raw the pty slave very early. (I suppose it doesn''t happen with linux as a guest because it takes a little bit of time before writing to xencons). Tristan. _______________________________________________

Hi All, Is there a difference in 3.6 and 3.7 implemetaion of ChallengeResponse authentication? Also, what is the impact of setting UsePAM yes and no with respect to this authentication method and expiry passwords. Thanks, Kumaresh --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.576 / Virus Database: 365 - Release Date:

Hello All, We have been successfully using PAM_LDAP authentication with OpenSSH-3.6 on our HP-UX 11.11. When OpenSSH-3.7.1p2 is installed [with Darrens' password expiry patch 26], and when Shadow password bundle is installed on the system, our ssh authentication failed. Even, when the source is compiled without Darren's patch, the same bahaviour is seen and there is no success. When

I believe there is a bug in how AIX handles the KRB5CCNAME environment variable. The symptom occurs when a root user restarts sshd while they have KRB5CCNAME set; all of the resulting client connections will inherit the same KRB5CCNAME variable. This can occur if the admin uses 'ksu' or some other kerberized method of obtaining root privileges. Investigating this problem, I stumbled

> > I should have mentioned this earlier, but the users does not exist > > in /etc/passwd, instead they are in LDAP and when they log in to the > > computer they get some Kerberos tickets for the domain and the file > > system. When printing on 14.04 they get another Kerberos ticket for > > the printing system according to "klist" after they have done

hi everybody, I'm working on an boot image and actually try to get an ssh server working on clients, booting that image over the net. I want to authenticate with my public key on the client, which seems to work fine. The only problem I have is that the sshd couldn't open an console. I've allready tested some things, but didn't fix it, yet. in den dev directory all tty's and