similar to: No subject

Attached is a patch that allows for an interactive Kerberos password change via keyboard-interactive, and also reports any banners received from krb5_g_i_c_p() (e.g., password expiration notification if you have krb5-1.2.x patched appropriately). This could probably be refactored a bit and probably done better, but I'm sending this in in case anyone finds it useful. The major drawback is

I took Markus Friedl's advice and set up a KbdintDevice for Kerberos password authentication/expiry. It took me a bit to wrap my head around privsep, but I think it's working properly (code stolen shamelessly from FBSD's PAM implementation :->). The hardest part was working out how to get the interaction between krb5_get_init_creds_password() (along with the prompter) to work

I have everything in place to move to a Samba/Heimdal/OpenLDAP auth database and have just discovered that some of the Windows products we use are required to run on a domain controller. Since domain sync doesn't work between Samba and NT4 it looks like I'm stuck: either ditch all the software we run on domain controllers, stay with our current 2-auth-db system, or move at least our

The attached patch restricts any keyboard-int method from allowing root password authentication. Other methods (bsdauth? I don't even really know what that is) could be added as well. FWIW, it appears that when using the "password" method the code in auth.c is never reached due to the following code in auth-passwd.c: #ifndef HAVE_CYGWIN if (pw &&

This bug causes a segfault when compiled against heimdal, but not MIT krb5. Either way, I think this code is correct. HTH. ---------------------------------------------------------------------- | Jim Hranicky, Senior SysAdmin UF/CISE Department | | E314D CSE Building Phone (352) 392-1499 | | jfh at cise.ufl.edu

Due to difficulties in getting PAM (with krb5) password expiry working consistently on multiple platforms, I'd like to see if I could hack something into auth-krb5.c to do so. Here's a backtrace when stopped in auth_krb5_password: #0 auth_krb5_password (authctxt=0x8e148, password=0x90250 "XXXXXXXX") at auth-krb5.c:270 #1 0x274d8 in auth_password (authctxt=0x8e148,

http://bugzilla.mindrot.org/show_bug.cgi?id=568 Summary: Kerberos password auth/expiry kbdint patch Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P4 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=701 Summary: With 'PermitRootPassword without-password' set, root w/pass can still log in with a using 'keyboard-int/pam' Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority:

I have tried this patch (against 3.5p1) and would very much like it to be in the OpenSSH 3.6p1 release, if possible: http://bugzilla.mindrot.org/show_bug.cgi?id=14 On that note, I'd like the Sun BSM patch to be included also, if possible. I have it working applied to 3.5p1: http://bugzilla.mindrot.org/show_bug.cgi?id=125 In fact, both patches work together, apparently. If I have any

Dear R-Help list: I'm using the Matrix library to operate on 600 X ~5000 element unsymmetrical sparse arrays. So far, so good, but if I find I need more speed or functionality, how hard would it be to utilize other sparse matrix toolsets from within R, say MUMPS, PARDISO or UMFPACK, that do not have explicit R interfaces? More information on these is available here

What I'm trying to do: upload files from my local machine to an rsync server running on a remote host. What I don't know: syntax on how to do this. I initially set the conf file so that I could download from the remote machine to my local machine, the syntax: rsync -azv --delete rsync://user@remote.machine.com:12923:blah destdir This worked fine. So then, I wanted to go the other

*Call for Papers* *IEEE Computing in Science & Engineering* ** *Special Issue on Cloud Computing in Science & Engineering* http://www.computer.org/portal/web/computingnow/cise ** *Submissions due: November 04, 2012* *Estimated Publication date: July/August, 2013* Cloud computing has emerged as a dominant paradigm that has been widely adopted by enterprises. Clouds provide on-demand

*Call for Papers* *IEEE Computing in Science & Engineering* ** *Special Issue on Cloud Computing in Science & Engineering* http://www.computer.org/portal/web/computingnow/cise ** *Submissions due: November 04, 2012* *Estimated Publication date: July/August, 2013* Cloud computing has emerged as a dominant paradigm that has been widely adopted by enterprises. Clouds provide on-demand

> FWIW, here are further patches which allow openssh-3.0p1 to work > with paleo-MIT Kerberos5 1.0.6, more or less (more with tickets > and less with the auth_krb5_password {get,verify}_init_creds stuff). Thanks for these. Unfortunately, your vrs patches seem to be based on an earlier version of my patch than the one you're bundling. In particular, your patch adds back in the

> + * The basic principle of a queue-based spinlock can best be understood > + * by studying a classic queue-based spinlock implementation called the > + * MCS lock. The paper below provides a good description for this kind > + * of lock. > + * > + * http://www.cise.ufl.edu/tr/DOC/REP-1992-71.pdf > + * > + * This queue spinlock implementation is based on the MCS lock,

> + * The basic principle of a queue-based spinlock can best be understood > + * by studying a classic queue-based spinlock implementation called the > + * MCS lock. The paper below provides a good description for this kind > + * of lock. > + * > + * http://www.cise.ufl.edu/tr/DOC/REP-1992-71.pdf > + * > + * This queue spinlock implementation is based on the MCS lock,

On Tue, Jun 17, 2014 at 04:05:31PM -0400, Konrad Rzeszutek Wilk wrote: > > + * The basic principle of a queue-based spinlock can best be understood > > + * by studying a classic queue-based spinlock implementation called the > > + * MCS lock. The paper below provides a good description for this kind > > + * of lock. > > + * > > + *

Hi All. Attached is a patch against OpenBSD, based in part on the owl-always-auth patch. The idea is that the only way out of auth_passwd for the failure case is the "return 0" at the bottom. I don't know if this is a good way to do it or not, it's presented for discussion. Also, I don't think 3.6.1p2 is quite right WRT these timing issues (eg, you get a fast failure

Hi All. I'm looking for some help to merge an outstanding Kerberos credential cache change from OpenBSD into Portable. I don't know enough about Kerberos to figure out how that change should be applied for the non-Heimdal(?) code path. The outstanding diff is attached. Any volunteers? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4

I recently uploaded a developmental version of the Matrix package, Matrix_0.6-1.tar.gz, to CRAN where it is in the src/contrib/1.9.0/Other directory. It requires some of the packages that will appear in R-1.9.0. This version marks a major redesign of the Matrix package to use S4 classes and methods and to incorporate sparse matrix manipulations using routines from TAUCS