similar to: PAM_AUTH_ERR messages

Hello sorry, for bothering you with this problem, but I ca't find solutions. I write small PAM module, and I've got the problem with conversation function with OpenSSH 3.5p1. When the message style is PAM_PROMPT_ECHO_ON, or PAM_PROMPT_ECHO_OFF everything is allright. But when I use PAM_TEXT_INFO, or PAM_ERROR_MSG, ssh prints nothing on the client side. Does anyone know the reason of

https://bugzilla.mindrot.org/show_bug.cgi?id=2876 Bug ID: 2876 Summary: PAM_TEXT_INFO and PAM_ERROR_MSG conversation not honoured during PAM authentication Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

Hi, I have tested the current snapshot portable release (dated Jan 9 2004). configuration has: UsePAM yes PasswordAuthentication no ChallengeResponseAuthentication yes UsePrivilegeSeparation yes two problems: first pam_motd does not work anymore. second, I needed a quick way to disable normal user logins without disabling admin accounts (members of group wheel). the best option i could come

----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

If the info_response code is going to test that the # of responses is < 100, then the info_request code should check that < 100 prompts are sent. It would be rude to send 101 prompts and then fail when the responses come back. I actually think the test should be removed altogether, the limit seems quite arbitrary, but here is a patch to not send > 100 prompts. With this patch, the test

https://bugzilla.mindrot.org/show_bug.cgi?id=3154 Bug ID: 3154 Summary: Issue with showing info and error messages from a blocking PAM module Product: Portable OpenSSH Version: 8.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: PAM

The following is a patch (based on FreeBSD code) which gets kbd-int working with privsep. It moves the kbd-int PAM conversation to a child process and communicates with it over a socket. The patch has a limitation: it does not handle multiple prompts - I have no idea how common these are in real-life. Furthermore it is not well tested at all (despite my many requests on openssh-unix-dev@). -d

https://bugzilla.mindrot.org/show_bug.cgi?id=3481 Bug ID: 3481 Summary: PAM_TEXT_INFO messages are shown twice if they are the last conversation Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component:

This isn't related to the snapshot, but mention of it reminded me to submit these changes. I added a few things, and made a couple small changes; here's a list of what the patch includes: - adds a "-1" argument to ssh and ssh.1 to force protocol1, similar to the existing "-2" argument. - adds "-1" and "-2" to scp and scp.1 as well. - adds

Hi, I have a more complex example, but the problem boils down to this FOR-loop not filling in the res-matrix run_rows<-seq(0,1,0.05) run_cols<-seq(0.3,0.6,0.05) res<-matrix(NA,length(run_rows),length(run_cols)) for(i in run_rows) { for(j in run_cols) { res[i,j]=i+j #niether the above, nor res[[i,j]]=i+j work, why? } } Thank you, Serguei

Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes PAM kbd-int work with privilege separation. Contrary to what I have previously stated - it *does* handle multiple prompts. What it does not handle is multiple passes through the PAM conversation function, which would be required for expired password changing. I would really appreciate some additional eyes over the

Guys, I'm having some problems trying to compile Samba-2.2.7a --with-pam. The ./configure works fine but the compile fails. I have no problems --without-pam. Any help would be greately appreciated. Linux SuSE SLES7 on S390, Kernel 2.4.19, Samba 2.2.7a, gcc-2.95.3-62, pam-0.74-34, pam-devel-0.74-34 ./configure \ --prefix=/usr \ --sysconfdir=/etc/samba \ --localstatedir=/var/log/samba \

In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function, do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2, this is no longer the case: session modules run with a conversation function that just returns PAM_CONV_ERR. This means that simple session modules whose job involves printing text on the user's terminal no longer work: pam_lastlog, pam_mail, and

Hi. One thing that people seem to want to do with PAM is to deny a login immediately without interacting but return a message to the user. (Some platforms implement, eg, /etc/nologin via PAM this way.) Currently, sshd will just deny the login and the user will not be told why. Attached it a patch that return a keyboard-interactive packet with the message in the "instruction"

I tried to compile pam_ldap-184 but it gave lots of error msgs. BTW, I have successfully compiled nss_ldap-255. For pam_ldap, my configure looks like: ./configure --with-ldap-lib=openldap --with-ldap-dir=/usr/local --with-ldap-conf-file=/usr/local/etc/openldap/ldap.conf and the following is the configure output --- start of configure output --- creating cache ./config.cache checking host system

Hi, i use mandrake 8.2 and i have this error when i run the following command (for pam use). I also have the same error on older mandrake's. Is this related to mandrake or what ? Someone has a solution plz ? make nsswitch/pam_winbind.so Compiling nsswitch/pam_winbind.c with -fPIC nsswitch/pam_winbind.c:65: parse error before `*' nsswitch/pam_winbind.c: In function `converse':

Hi All. This patch calls pam_chauthtok() to change an expired password via PAM during keyboard-interactive authentication (SSHv2 only). It is tested on Redhat 8 and Solaris 8. In theory, it should have simply been a matter of calling pam_chauthtok with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is if it's expired, right? From the Solaris pam_chauthtok man page:

Hello, I''m looking how (if) can I solve the following problem using HTB and iproute2: I need to assing the same bandwidth limit to every client, but the problem is that clients will be random - i.e. I know niether number of clients no IP or MAC addresses. If anybody knows FreeBSD''s ipfw2 - I''m looking for something like "ipfw pipe 150 config mask dst-ip 0xffffffff

bindingIsLocked applied to a locked binding returns a 'logical' that is niether true nor false. Martin > e <- new.env() > e$x <- 1 > e$y <- 2 > lockBinding("x", e) NULL > bindingIsLocked("x", e) [1] TRUE > bindingIsLocked("x", e)==TRUE [1] FALSE > bindingIsLocked("x", e)==FALSE [1] FALSE >