similar to: Solaris password requirements not enforced

Hi. I'm one of the OpenSSH developers, and I've done some of the work on sshd's PAM interface recently. I've discovered some behaviour peculiar to LinuxPAM that I can't explain: changing the conversation function does not appear to work, even though the pam_set_item() call claims to succeed. The previous conversation function is still called. Background: the PAM API

https://bugzilla.mindrot.org/show_bug.cgi?id=2876 Bug ID: 2876 Summary: PAM_TEXT_INFO and PAM_ERROR_MSG conversation not honoured during PAM authentication Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

[ Sorry for the length of this; I felt it better to provide potentially too much info, rather than not enough. I've probably missed something that's important, though! ] I have an odd problem with 5.1p on RHEL3 if "UsePAM yes" and "UsePrivilegeSeparation no" is set. The code detects that the user password is aged (according to shadow) but then fails to let me

http://bugzilla.mindrot.org/show_bug.cgi?id=1065 ------- Comment #11 from joss at debian.org 2005-12-06 22:31 ------- Created an attachment (id=1036) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1036&action=view) Debugging output of the issue Finally, here is the output of sshd -ddd. First, in normal operation. Second, when the problem occurs. Third, with an expired password,

Hi All. This patch calls pam_chauthtok() to change an expired password via PAM during keyboard-interactive authentication (SSHv2 only). It is tested on Redhat 8 and Solaris 8. In theory, it should have simply been a matter of calling pam_chauthtok with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is if it's expired, right? From the Solaris pam_chauthtok man page:

Hi, I have a different behavior using sftp compared to ftp for a user with a user defined shell on a solaris machine. ftp rejects any user having a user defined shell. sftp is allowing the user with user defined shell, unfortunately as the sftp client bails out saying the following message: "Received message too long 537548147" Is it because the user shell, outputting lot of text?

Hi all, I''ve been looking at the performance of my fb app and one glaring issue seems to be with the parsing speed of rexml in processing the results. Has anyone looked into porting the facebooker parser from rexml to libxml? If not, any reason I shouldn''t try? Thanks! Yu-Shan. -------------- next part -------------- An HTML attachment was scrubbed... URL:

http://bugzilla.mindrot.org/show_bug.cgi?id=423 ------- Additional Comments From michael_steffens at hp.com 2002-11-02 02:40 ------- Created an attachment (id=162) --> (http://bugzilla.mindrot.org/attachment.cgi?id=162&action=view) Patch: Workaround for pw change in privsep mode (3.5.p1) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are

Hi folks, I came across this issue on both stock CentOS(v6.4) and Ubuntu(14.04 LTS) and was wondering if any of you have seen it. As far as I can tell this seems like a day-1 bug to me. PROBLEM: If I expire a linux user's password (passwd -e <user>) and then log in via ssh, it will prompt you for a password change. On changing the password successfully, sshd will drop the connection

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

Hi, I am writing C++ functions that are to be called via .Call() interface. I'd been using error() (from R.h) to return to R if there is an error, but then I realized that this might be not safe as supposedly error() doesn't throw an exception and therefore some destructors do not get called and some memory may leak. Here is a simple example extern "C" void foo() { string

http://bugzilla.mindrot.org/show_bug.cgi?id=1165 Summary: 'groups' command fails on AIX when logged in as root user via SSH. Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: Miscellaneous

posting ''facebook.feed.publishActionOfUser'' with {:title=>"<fb:fbml> <fb:name ifcantsee=\"A Hidden User\" linked=\"true\" uid=\"579947937\" /> wrote a <a href=\"http://apps.facebook.com/dailycaption/captions/1273\">caption</a></fb:fbml>",

Hi all, I have a situation where I want to display an error message, and have it fade away after a 2 second delay. My problem is an impatient user could click buttons so fast that multiple Fade effects will be in play. I believe script.aculo.us can supports canceling existing effects before starting a new one, but couldn''t find any examples. I tried something like this but it

Okay, I'm confused again. They way you guys are talking about the conversation routine, it would seem that you think it is a way to fetch something from the user - like a new password. Is this possible? Does calling pam_chauthtok() cause the underlying pam_sm_chauthtok() eventually print something on stdout and read a new password from stdin (the socket to the client) using the conversation

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

Hello, We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a non-root user with PAM [pam-kerberos] then I get the following error. debug3: PAM: opening session debug1: PAM: reinitializing credentials PAM: pam_setcred(): Failure setting user credentials This is particularly for non-root users with PrivSep YES. When I connect to a root user with PrivSep YES or to a non-root

Hi folks, I have a question regarding validates_uniqueness_of, and similar before-filter-like events attempting to guarantee some DB state prior to modification. >From my reading of ActiveRecord, validate_uniqueness_of appears to cause a SELECT on the underlying table attempting to ensure that a record with ID(s) specified in the validates_uniqueness_of statement is not already present, prior

https://bugzilla.mindrot.org/show_bug.cgi?id=2548 Bug ID: 2548 Summary: Make pam_set_data/pam_get_data work with OpenSSH Product: Portable OpenSSH Version: 7.2p1 Hardware: Sparc OS: Solaris Status: NEW Severity: major Priority: P5 Component: PAM support Assignee:

http://bugzilla.mindrot.org/show_bug.cgi?id=188 ------- Additional Comments From Nicolas.Williams at ubsw.com 2002-03-28 02:43 ------- Created an attachment (id=55) Patch to do pw aging in kbd-interactive ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.