Displaying 20 results from an estimated 3000 matches similar to: "PermitRootLogin and Tru64 SIA"
2006 Sep 14
3
[PATCH] PermitRootLogin woes
Hi all,
among other things, we provide shell access to various unix based
platforms for our students and university staff. Recently, there has been
increasing number of root login attacks on one particular Tru64 machine
running OpenSSH.
The host is configured with "PermitRootLogin no" but every once in a while
SIA auth with TCB enhanced security locks the root account.
I suppose
2004 Feb 06
1
Tru64 SIA authentication: can it be called after kerberos?
Hi All.
There have recently (well, today :-) been changes to OpenSSH Portable's
auth-passwd.c from OpenBSD to accomodate forced changes of expired
passwords. (Rabid password expirers shoulon't get excited yet, it's
currently bsdauth only, but support for other platforms should start
trickling in shortly).
As part of that, some individual platforms have gained their own
2003 Jan 29
2
PermitRootLogin=yes no longer lets root login
Hi All,
While testing another patch, I found that I could not longer log in as
root, even if PermitRootLogin was yes. It seems to be the following
code in auth_password:
$ cvs diff -r1.48 -r1.49 auth-passwd.c
[snip]
#ifndef HAVE_CYGWIN
- if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+ if (pw->pw_uid == 0 && options.permit_root_login !=
2000 Oct 15
1
Patch for Digital Unix SIA authentication
A while back, I sent in a patch that added Digital Unix SIA
authentication to OpenSSH. Well, I just figured out that it didn't
handle everything correctly (locked accounts could still log in). I
thought I had checked that, but I guess I missed it.
Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator
2000 May 03
2
SIA support patches for Tru64 UNIX
I think I'm ready with the SIA (Security Integration Architecture) patches
for Tru64 UNIX. All of the code was written by Tom Woodburn, an engineer
at Compaq. I've only performed integration and testing of the patches with
more help from Tom. Tom's original patches were included in the "other"
ssh. We'd both like to see SIA support get into OpenSSH.
SIA provides PAM-like
2004 Feb 26
14
[Bug 802] sshd of openssh-3.8p1 doesn't link on Tru64.
http://bugzilla.mindrot.org/show_bug.cgi?id=802
Summary: sshd of openssh-3.8p1 doesn't link on Tru64.
Product: Portable OpenSSH
Version: 3.8p1
Platform: Alpha
OS/Version: OSF/1
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
2004 Sep 20
3
[Bug 933] compile problem on tru64 5.1A code outside of a #ifdef that should not be included on tru64
http://bugzilla.mindrot.org/show_bug.cgi?id=933
Summary: compile problem on tru64 5.1A code outside of a #ifdef
that should not be included on tru64
Product: Portable OpenSSH
Version: 3.8p1
Platform: Alpha
OS/Version: OSF/1
Status: NEW
Severity: normal
Priority: P2
Component: Build
2006 Sep 20
2
Tru64 Unix and SIA
I have recently written a (minimal) Tru64 Unix SIA password module for
Dovecot as part of testing a Dovecot installation.
Has anyone else written a Tru64 Unix SIA module?
Is anyone else interested in such a module?
If so, how might I/we go about getting this/such a module into the main
Dovecot source?
Thanks
--
Simon L Jackson
Carringbush.Net
+-
Carringbush.Net
Hosting * Development *
2003 Nov 18
4
3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwor ds
It works for the "yes" case but not for the "without-password" case.
The function that checks (auth_root_allowed(auth_method) is special
cased for "password". The Pam case sends "keyboard-interactive/pam"
which like all other authentication methods except password succeeds.
Here is a patch to make it work for me. Please feel free to criticize
as
2007 Dec 01
2
Tru64 v5.1 with Sia
./configure --with-sia
# ./dovecot --build-options
Build options: ioloop=poll ipv6 openssl
SQL drivers:
Passdb: checkpassword passwd passwd-file
Userdb: checkpassword passwd prefetch passwd-file static
# ./dovecot --version
1.0.8
# ./dovecot -n
# 1.0.8: /usr/local/etc/dovecot.conf
protocols: pop3
listen: *:10100
ssl_disable: yes
disable_plaintext_auth: no
login_dir:
2003 Sep 16
1
OpenSSH 3.7p1, PrivSep, and Tru64 broken (sorry)
Well, I had just finally gotten around to downloading a snapshot to test
the latest on Tru64 a couple of days ago but hadn't had a chance to
build it yet, and 3.7p1 has now been released. Sigh.
The problem is that Tru64 setreuid() and setregid() are broken, so
privsep doesn't work.
This could also be a security problem for SIA authentication in general
(any version of OpenSSH on Tru64,
2001 Mar 20
1
Tru64 UNIX SIA in 2.5.2p1 is hosed
Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I
haven't been able to figure out what changed in the code, but the
symptom seems to be that the TTY name being registered with SIA is
truncated to eight characters. This apparently prevents it from
matching with entries in the tty database, and the dreaded "Cannot
obtain database information on this terminal
2002 Jul 12
0
[Bug 325] PermitRootLogin forced-commands-only & privsep - not working together
http://bugzilla.mindrot.org/show_bug.cgi?id=325
------- Additional Comments From hlein at progressive-comp.com 2002-07-13 06:14 -------
Seeing this here too; it appears that when auth2.c:userauth_finish is called,
forced_command has been cleared (or perhaps, never set in that forked sshd) so
the call to auth_root_allowed(method) returns 0. The following patch makes
forced-command logins as
2002 Sep 11
1
tru64 sia: move call of session_setup_sia() to do_setusercontext(), letting grantpty() and friends handle pty perms
Hi-
Under privsep, I experimented with moving the session_setup_sia() out of
do_child() and into do_setusercontext(), which is where the uids/gids are set
to the final execution user. The call is made with a NULL tty, and this
is functional provided that any later pty allocation uses grantpty() to
set the device permissions. Logging in with this method shows that a utmp
entry does get made for
2003 Sep 24
1
Patches for compatibility with Heimdal's libsia_krb5 SIA module
I have found the following patches to be desirable for using sshd on a
Tru64 UNIX system with the Kerberos 5 SIA module (libsia_krb5.so) from
Heimdal.
These patches do the following:
1) preserve context between the password authentication and the session
setup phases. This is necessary because the Heimdal SIA module stores
Kerberos context information as mechanism-specific data in
2003 Sep 22
4
[Bug 701] With 'PermitRootPassword without-password' set, root w/pass can still log in with a using 'keyboard-int/pam'
http://bugzilla.mindrot.org/show_bug.cgi?id=701
Summary: With 'PermitRootPassword without-password' set, root
w/pass can still log in with a using 'keyboard-int/pam'
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority:
2001 Apr 13
0
Fixed patch for Digital Unix SIA
Okay, here is a fixed version of the patch I sent before for fixing the
problems I know about with Digital Unix SIA: displaying too much info
(MOTD, last login, etc.) when access is denied, and the loss of the
error message sometimes when access is denied.
It does break some code out of do_login into a couple of separate
functions. I did this to avoid duplicating the code in a couple of
places.
2005 Apr 03
15
OpenSSH 4.1: call for testing.
Hi All.
OpenSSH 4.1 will be released in the next couple of weeks and we invite
interested parties to test a snapshot.
The changes since 4.0 are mostly bugfixes, for a detailed list see
http://bugzilla.mindrot.org/show_bug.cgi?id=994
Running the regression tests supplied with Portable does not require
installation and is a simply:
$ ./configure && make tests
Testing on suitable
2001 Jun 25
1
Apparent SSH-1.2.27 Rootkit
Hello,
I found this lurking around the web, and thought people who are
running SSH-1.2.27 might be interested.
--
Kevin Sindhu <kevin at tgivan dot com>
Systems Engineer
TGI Technologies Inc. Tel: (604) 872-6676 Ext 321
107 E 3rd Avenue Fax: (604) 872-6601
Vancouver,BC V5T 1C7
Canada.
-------------- next part --------------
Welcome Root Kit SSH distribution v5.0 (by Zelea)
This
2004 Apr 14
1
[Bug 802] sshd configured with SIA doesn't link on Tru64.
http://bugzilla.mindrot.org/show_bug.cgi?id=802
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |821
nThis| |
Summary|sshd of openssh-3.8p1 |sshd configured with SIA