Displaying 20 results from an estimated 1000 matches similar to: "pam_setcred fails for "USE_POSIX_THREADS + non-root users + PrivSep yes""
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes
PAM authentication take place in a separate process or thread
(launched from sshpam_init_ctx() in auth-pam.c). By default (if you
don't define USE_POSIX_THREADS) the code "fork"s a separate process.
Or if you define USE_POSIX_THREADS it will create a new thread (a
second one, in addition to the primary thread).
The
2005 May 22
3
[Bug 926] pam_session_close called as user or not at all
http://bugzilla.mindrot.org/show_bug.cgi?id=926
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO|994 |
nThis| |
------- Additional Comments From dtucker at zip.com.au 2005-05-22 11:03 -------
2003 Aug 24
12
[Bug 423] Workaround for pw change in privsep mode (3.5.p1)
http://bugzilla.mindrot.org/show_bug.cgi?id=423
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |627
nThis| |
Status|NEW |ASSIGNED
------- Additional
2004 Jan 14
18
[Bug 789] pam_setcred() not being called as root
http://bugzilla.mindrot.org/show_bug.cgi?id=789
Summary: pam_setcred() not being called as root
Product: Portable OpenSSH
Version: 3.7.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2004 Jan 14
18
[Bug 789] pam_setcred() not being called as root
http://bugzilla.mindrot.org/show_bug.cgi?id=789
Summary: pam_setcred() not being called as root
Product: Portable OpenSSH
Version: 3.7.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2016 Mar 07
2
[Bug 2549] New: [PATCH] Allow PAM conversation for pam_setcred for keyboard-interactive authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2549
Bug ID: 2549
Summary: [PATCH] Allow PAM conversation for pam_setcred for
keyboard-interactive authentication
Product: Portable OpenSSH
Version: 7.1p2
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
2004 May 04
3
Error with USE_POSIX_THREADS and OpenSSH-3.8p1
Hello,
I am using OpenSSH-3.8p1 on HP-UX machine with USE_POSIX_THREADS option.
This is for making the kerberos credentials file to be created in the system
with PAM. In OpenSSH versions 3.5 when authentication is done with pam
kerberos, a /tmp/krb5cc_X_Y file is created on the server side. But the
KRB5CCNAME variable is not set by default. So, after we manually set this
environment variable, the
2003 Sep 30
2
auth-pam.c, USE_POSIX_THREADS
OpenSSH 3.7.1p2 contains an #ifdef USE_POSIX_THREADS and simulates threads
by processes if this is not defined. However, configure and config.h do not
provide any means to define this. Is this already included for future
releases but does not function properly if defined? Or could it be set
manually in config.h and would work in Solaris?
1999 Dec 28
0
Patches to report rsaref build and to call pam_setcred
I've attached two patches. The first just changes the output of "ssh -V"
to print that it was built against rsaref if libRSAglue (which is built
as part of openssl only when it is built against rsaref) is present at
build-time. The second adds appropriate calls to pam_setcred() in sshd.
Without them, our systems can't access AFS because the PAM modules only
get tokens at a
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
2001 Oct 12
2
bug report: last login time vs PAM in portability release
on hp-ux 11 i see:
$ date;ssh jenny
Fri Oct 12 14:44:13 PDT 2001
Last successful login for stevesk: Fri Oct 12 10:45:42 PST8PDT 2001 on pts/2
Last unsuccessful login for stevesk: Mon Sep 24 22:55:53 PST8PDT 2001
Last login: Fri Oct 12 10:45:43 2001 from 172.31.1.53
You have mail.
so solaris PAM is different. can other solaris+PAM users confirm this?
On Fri, 12 Oct 2001, Benn Oshrin wrote:
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
Hello All.
Attached is an update to my previous patch to make do_pam_chauthtok and
privsep play nicely together.
First, a question: does anybody care about these or the password
expiration patches?
Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after
the pty has been allocated but before it's made the controlling tty.
This allows the child running chauthtok to
2001 Sep 06
1
lastlog on Solaris with PAM (patch included)
On Solaris, the pam_unix module includes a pam_session which updates the
lastlog file. Since OpenSSH calls pam_session before reading the lastlog
file, SSH logins to systems with this configuration (as well as similar
ones, I'd imagine) report the last login time and remote host as the values
from the current session.
My solution to this problem is to call pam_open_session in the child,
2015 Apr 13
1
[Bug 2380] New: [PATCH] Optionally allow pam_setcred to override gid
https://bugzilla.mindrot.org/show_bug.cgi?id=2380
Bug ID: 2380
Summary: [PATCH] Optionally allow pam_setcred to override gid
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee:
2001 Oct 23
2
PAM problem - sshd segfault on Solaris
I'm using OpenSSH-2.9.9p2 on Solaris 8 sparc64. 2.9p2 worked fine, but
2.9.9p2+ is giving me trouble with one thing - sshd segfaults if I try to
connect and execute a command, such as "ssh machine ls". Otherwise it
works great. sshd will fork, and the child process segfaults.
CVS snapshot does the same thing.
I've narrowed this down somewhat. It will only happen if you use
2003 Jun 04
3
pam_setcred() without pam_authenticate()?
Should pam_setcred() be called if pam_authenticate() wasn't called?
I would say not; both of these functions are in the authenticate
part of pam.
It seems the the 'auth' part of pam config controls which modules get
called, so if you didn't to _authenticate() you shouldn't do _setcred().
thx
/fc
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
Hi All.
Attached is a patch that implements password expiry with PAM and
privsep. It works by passing a descriptor to the tty to the monitor,
which sets up a child with that tty as stdin/stdout/stderr, then runs
chauthtok(). No setuid helpers.
I used some parts of Michael Steffens' patch (bugid #423) to make it
work on HP-UX.
It's still rough but it works. Tested on Solaris 8 and
2001 Aug 28
1
OpenSSHd barfs upon reauthentication: PAM, Solaris 8
We've been having trouble with OpenSSH 2.9p2, running on Solaris 8
(a domain of an E10k), with PAM authentication turned on. It
intermittently crashes with signal 11 (seg fault) after the password
is entered, after the MOTD is displayed, but before control is passed
over to the login shell. I eventually managed to persuade sshd's child
process to consistently crash, upon entry of an
2015 May 14
1
[Bug 2399] New: openssh server should fatal out when pam_setcred and pam_open_session fail
https://bugzilla.mindrot.org/show_bug.cgi?id=2399
Bug ID: 2399
Summary: openssh server should fatal out when pam_setcred and
pam_open_session fail
Product: Portable OpenSSH
Version: 6.8p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: normal
Priority: P5
2009 Jun 29
2
configure dovecot to invoke pam_setcred() from the same process that accesses ~/Maildir?
Hello. I'm wondering how one would go about configuring dovecot to
invoke pam_setcred() from the same process as (or a parent process of)
the process which eventually reads the user's mail off the disk. This
is required for pam modules that set kernel-level credentials which
are later used to access the user's mail files.
In particular, I'm trying to use dovecot with pam_krb5