similar to: openssh-3.7p1+ and PAM on OS X

Let me refine my previous question: > Can anyone provide some insight into why the auth-pam module uses a fork in > pthread_create (auth-pam.c)? This completely breaks the ability of one PAM function > to pass data to others via the pam_set_data/pam_get_data functions. Can anyone tell me how to #define USE_POSIX_THREADS when building --with-pam defined? The autoconfig stuff

https://bugzilla.mindrot.org/show_bug.cgi?id=2548 Bug ID: 2548 Summary: Make pam_set_data/pam_get_data work with OpenSSH Product: Portable OpenSSH Version: 7.2p1 Hardware: Sparc OS: Solaris Status: NEW Severity: major Priority: P5 Component: PAM support Assignee:

http://bugzilla.mindrot.org/show_bug.cgi?id=688 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |822 nThis| | Status|NEW |ASSIGNED

Hello, I've developed a custom PAM module which only allows a user to authenticate to the server only if another user of the same machine also authenticates succesfully. It's currently a simple module which also works as a PAM aware application since it authenticates each user with PAM itself. Both the pamtester utility and su can use this module correctly. However, when I try to use

https://bugzilla.mindrot.org/show_bug.cgi?id=2712 Bug ID: 2712 Summary: Add fingerprint of key used for public key authentication to PAM handle Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The

Hi I am trying to write pam_radius module which talks to RADIUS server for aaa. I see sshd checks /etc/passwd for user list. Since RADIUS server has user list, can sshd ignore this check for RADIUS/TACACS+ authentication, Please suggest if there are any flags to control it. I am using the following versions. OpenSSH_6.6p1, OpenSSL 1.0.2n 7 Dec 2017 I see sssd (NAS) being used for such use

On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote: > HI, I do see some refernce on it: but seems not closed > https://marc.info/?l=secure-shell&m=115513863409952&w=2 > > http://bugzilla.mindrot.org/show_bug.cgi?id=1215 > > > Is this patch available in latest versions, 7.6? No. It never was. The SSSD is using NSS (Name Service Switch) [1] way of getting

Hello, I have been having issues with x11 forwarding using my linux-mandrake based servers. I checked my XAUTHORITY variable and it was set to ~/.Xauthority ... After reading the mail archives, I found the /tmp/ssh* directory created during my ssh session, and did this: export XAUTHORITY="/tmp/ssh-hzuA1805/cookies" xeyes ...and the X11 forwarding worked! I'm using the

Hi, I know that it is possible to enable or disable compression. I just learned that the protocol would allow for one-way negotiations for things like how to encrypt the traffic, hash it, compress it. http://marc.info/?l=secure-shell&m=103578532423325&w=2 Many people have very asymmetric internet access bandwidth. e.g. 1 mb download, only 100 kb upload Would it not be useful to be able

I've been looking for a while and can't figure out for sure if variables allowed by AcceptEnv are readable by a PAM module. I looked through the openssh source code and found a few calls to pam_putenv(), which looks like the relevant call, but I don't see anything that would copy over AcceptEnv variables. Am I correct that the variables are not available to PAM? I'm

We're using an internal PAM module (Linux) that sets a few environment variables using pam_putenv (on pam_sm_authenticate). In version 3.6.1p1i such variables are visible to the user (as expected), but since 3.7p1 they are not... Is this the expected behaviour? Thanks in advance, Jose ____________________________________________________________________________ Jose A. Rodriguez

I'm getting these over and over again in my dovecot [CVS] logs. I'm using PAM for authentication- something that worked a few weeks ago. Apr 6 15:22:11 [PAM-env] Unknown PAM_ITEM: <XAUTHORITY> Apr 6 15:22:11 [dovecot-auth] PAM pam_putenv: delete non-existent entry; XAUTHORITY dovecot: Apr 06 15:22:16 Warning: Killed with signal 2 dovecot: Apr 06 15:22:16 Error: child 25731 (imap)

Hi, Sorry to post this here again, I already posted it in the users mailing list but haven't got very far. I really need to get this resolved ASAP, as it's causing a big security headache for us. If anyone can help that would be wonderful. The original thread is here: http://marc.info/?l=secure-shell&m=129562817820176&w=2 I am having a very strange problem with SSH. Essentially,

https://bugzilla.mindrot.org/show_bug.cgi?id=1396 Summary: When pam-authentication thread ends, it doesn't call the function pam_end Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: normal

http://bugzilla.mindrot.org/show_bug.cgi?id=1007 Summary: sftp client hangs on tru64 5.1A Product: Portable OpenSSH Version: 4.0p1 Platform: Alpha OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sftp AssignedTo: openssh-bugs at mindrot.org ReportedBy: paulstepowski at

I tried to compile pam_ldap-184 but it gave lots of error msgs. BTW, I have successfully compiled nss_ldap-255. For pam_ldap, my configure looks like: ./configure --with-ldap-lib=openldap --with-ldap-dir=/usr/local --with-ldap-conf-file=/usr/local/etc/openldap/ldap.conf and the following is the configure output --- start of configure output --- creating cache ./config.cache checking host system

https://bugzilla.mindrot.org/show_bug.cgi?id=2043 Priority: P5 Bug ID: 2043 Assignee: unassigned-bugs at mindrot.org Summary: memleak in import_environments Severity: trivial Classification: Unclassified OS: All Reporter: arthurmesh at gmail.com Hardware: All Status: NEW Version:

Hi All. Markus has commited the long-awaited GSSAPI patch to OpenBSD's ssh. There are patches. The first [1] is a straightforward port of the OpenBSD code to Portable. The second [2] contains the parts I've stolen from Simon Wilkinson's portable GSSAPI patch in an attempt to make it build. It is incomplete and doesn't currently work. The PAM support is not there and

NOTE: This patch requires a previously sent patch fixing a small problem in OpenSSH PAM support when POSIX threads are used. This is a small patch to the OpenSSH portable configuration process that I'd like to have considered for inclusion in the distributed version. It will set the use of (native) POSIX threads in Solaris if the header and library files are present on the system. At