similar to: Extra newlines in sshd login messages

Displaying 20 results from an estimated 4000 matches similar to: "Extra newlines in sshd login messages"

2002 Sep 29
0
[PATCH] Only call loginrestiction on AIX if running as root
Hi All, I have found that the regression tests on AIX failed as a non-root user. This is due to a call to loginrestrictions() failing. The man page for loginrestrictions says: "Access Control:The calling process must have access to the account information in the user database and the port information in the port database." These files are: /etc/security/user,
2003 Jul 05
0
[PATCH] Replace AIX loginmsg with generic Buffer loginmsg
Hi All. I've decided to try to merge the -Portable parts of the password expiry patch (see bug #14) that do not depend on the OpenBSD change in bug #463. The attached patch is the first step in this process. It removes the AIX-specific "char *aixloginmsg" and replaces it with a platform-neutral "Buffer loginmsg". I think this is worth having in -Portable even if it
2004 Jun 16
0
Make AIX login message handling consistent.
Hi. There's a couple of minor problems with the way port-aix.c handles the messages returned by AIX's authentication routines. I think we handle the native ones OK, but third-party modules might behave differently. It tests OK for me, I would appreciate testing by anyone using AIX (esp. anyone using something other than the standard password auth modules). a) The message from a
2004 Jun 29
0
Debian bug #236814: sshd+PAM: MOTD isn't printed when privsep=no
Hi. If sshd is configured to use PAM and UsePrivilegeSeparation=no or you are logging is as root, any messages returned by PAM session modules are not displayed to the user. (Even when the config file has privsep=yes, logging in as root disables privsep anyway since there's no point, so it behaves the same way as privsep=no). I think I've figured out why: when privsep=no,
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
Hi All. Attached is a patch that converts pam_chauthtok_conv into a generic pam_tty_conv, which is used rather than null_conv for do_pam_session. This allows, for example, display of messages from PAM session modules. The accumulation of PAM messages into loginmsg won't help until there is a way to collect loginmsg from the monitor (see, eg, the patches for bug #463). This is because the
2002 Oct 13
1
[PATCH] AIX password expiration
Hi All. With one eye on the do_pam_chauthtok() stuff I've merged contributions by Pablo Sor and Mark Pitt into a patch against -current. I'm interested in testers and suggestions for improvements. The patch extends the loginrestrictions test to include expired accounts (but unlike Mark's patch, doesn't log accounts with expired passwords unless they're locked) and adds
2004 Jun 16
0
Send login messages to stderr not stdout
Hi all. The old (~3.6.x) PAM code used to send PAM messages to stderr, whereas the new generic loginmsg code sends them to stdout, and it sends an extra newline. I think stderr is probably right, but the extra \n should probably be removed either way. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with
2002 Nov 20
0
[PATCH #9] Password expiration via /bin/passwd.
This is an attempt to simplify the AIX expiry-via-passwd stuff and make it more generic. (There's actually a net reduction in #ifdefs). Patch against CVS: 1) configure finds passwd. 2) sshd uses passwd during session if required. 3) sshd uses passwd for PAM change if privsep disabled. 4) sshd uses Buffers for expire and post-login messages (no longer AIX specific). 5) password_change_required
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All. This patch calls pam_chauthtok() to change an expired password via PAM during keyboard-interactive authentication (SSHv2 only). It is tested on Redhat 8 and Solaris 8. In theory, it should have simply been a matter of calling pam_chauthtok with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is if it's expired, right? From the Solaris pam_chauthtok man page:
2003 Dec 07
0
[PATCH] Do PAM chauthtok via keyboard-interactive.
Hi All. Attached is another patch that attempts to do pam_chauthtok() via SSH2 keyboard-interactive authentication. It now passes the results from the authentication thread back to the monitor (based on a suggestion from djm). Because of this, it doesn't call do_pam_account twice and consequently now works on AIX 5.2, which the previous version didn't. I haven't tested it on any
2003 Nov 13
0
[PATCH] Perform do_pam_chauthtok via SSH2 keyboard-interactive.
Hi All. Attached is a patch to perform pam_chauthtok via SSH2 keyboard-interactive. It should be simpler, but since Solaris seems to ignore the CHANGE_EXPIRED_AUTHTOK flag, it calls do_pam_account to check if it's expired. To minimise the change in behaviour, it also caches the result so pam_acct_mgmt still only gets called once. This doesn't seem to work on AIX 5.2, I don't know
2003 Jul 30
1
[PATCH] Password expiry merge (AIX parts)
Hi All. Attached is a patch introduces password expiry handling for AIX (other platforms to follow). It is more or less the same as the previous patch but has been updated to reflect recent changes to auth-passwd.c I'm wondering if the AIX parts of auth.c should be moved to port-aix.c and if the generic password change functions (currently at the end of auth-passwd.c) belong in a separate
2003 Jul 09
0
[PATCH] Add expired password handling for AIX.
Hi All. Attached is a patch which adds AIX native password expiry support to sshd. It will only apply to -current and is a subset of the patch I have been working on in the last few months (see bug #14 [1]). It contains code by Pablo Sor, Mark Pitt and Zdenek Tlusty and fixes for bugs reported by many others (see [2] for a full list). It adds a do_tty_change_password function that execs
2003 Jan 07
2
Test for locked account in auth.c (bug #442).
Hi Damien, I noticed you merged a couple of ifdefs in the fix for bug #442. The cvs comment says "Fix Bug #442 for PAM case". The code is now roughly: #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) spw = getspnam(pw->pw_name); passwd = spw->sp_pwdp; #else passwd =
2004 Jun 01
1
Sending immediate PAM auth failure messages via kbd-int
Hi. One thing that people seem to want to do with PAM is to deny a login immediately without interacting but return a message to the user. (Some platforms implement, eg, /etc/nologin via PAM this way.) Currently, sshd will just deny the login and the user will not be told why. Attached it a patch that return a keyboard-interactive packet with the message in the "instruction"
2005 Aug 15
0
OpenSSH LynxOS port
Olli Savia wrote: > The attached patch is a port of the current CVS (2005-08-11) version > of OpenSSH portable to LynxOS. Could you consider adding it to the > future releases of OpenSSH? If the patch needs additional work, please > let me know. Looks mostly reasonable, some comments and questions below. > + AC_DEFINE(LYNXOS_BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf()
2003 Jan 29
0
Snapshots not updating?
Is there a problem with the snapshots? The newest one on ftp.ca.openbsd.org is a week old. -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
2011 Jun 03
1
unconitionally use socketpair?
Does anyone actually use sshd on a system that doesn't have socketpair? It's used elsewhere so the don't-have path seems like it'd never be exercised these days. Index: monitor.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh/monitor.c,v retrieving revision 1.147 diff -u -p -r1.147 monitor.c --- monitor.c
2004 Nov 16
0
OpenSSH snaps have sftp libedit (command line history/editing) support
Hi All. For a couple of weeks, the Portable snapshots have contained optional support for NetBSD's libedit in the sftp client, thanks to djm's work in OpenBSD. It's enabled with: ./configure --with-libedit. If enabled, sftp gains command history, recall and line editing (and probably other features too, I haven't looked into libedit's capabilities much). If not
2006 Jun 26
1
OpenSSH compatibility with Tru64 version 4.0F?
I am just looking for a quick answer as to whether or not OpennSSH is compatible with Digital Unix Tru64 v 4.0F. Hing Fei Wong Systems Engineer Building 100, M1309 Valley Forge, PA Admin # 4-6242 -----Original Message----- From: Darren Tucker [mailto:dtucker at zip.com.au] Sent: Friday, June 23, 2006 3:53 AM To: Wong, Hing Fei Cc: www at openbsd.org Subject: Re: OpenSSH compatibility with