similar to: SSHD does not cleanup kerberos ticket while root logins

Displaying 20 results from an estimated 90 matches similar to: "SSHD does not cleanup kerberos ticket while root logins"

2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h
2012 Jan 31
3
Samba PDC with Windows 7 support request
Dear Samba support team, I have a question on Samba 3.5.8 please, which is not solved by searching the forums. I tried all suggested solutions, but nothing take effect. Situation: - small public school - We have Ubuntu Server 11.04 64-bit - Samba 3.5.8 as PDC - Windows XP and Windows 7 Pro SP1 clients - On Windows XP everything works. Login is quick and reliable there. Problem: But
2009 May 23
2
Memory leak caused by forwarded GSSAPI credential store
Hi guys While debugging a GSSAPI memory allocation problem not related to OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following: In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls
2009 May 23
7
[Bug 1601] New: Memory leak caused by forwarded GSSAPI credential store
https://bugzilla.mindrot.org/show_bug.cgi?id=1601 Summary: Memory leak caused by forwarded GSSAPI credential store Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at
2003 Apr 08
0
Some problems with Heimdal and AFS
Hello, My first problem is compilation against Heimdal. It does not work because of the following: /products/source/heimdal/heimdal-0.5.1/i386_linux24/lib/roken/../../../lib/r oken/getprogname.c(.text+0xc): multiple definition of `get_progname' openbsd-compat//libopenbsd-compat.a(bsd-misc.o)(.text+0x0):/usr1/ahaupt/open ssh-3.6.1p1/openbsd-compat/bsd-misc.c: first defined here /usr/bin/ld:
2013 Sep 11
0
CentOS at the OpenNebulaConf
Hello everyone, As you may be aware, we are holding the first OpenNebula Conference [1] in Berlin, this 24-26 September. The conference is the perfect place to learn about practical Cloud Computing, aimed at cloud users, developers, executives and IT managers to help them tackle their computational and business challenges. The goal is to foster fruitful and educational discussions around Cloud
2017 Jan 17
2
Question on Kerberos (GSSAPI) auth
On Jan 17, 2017, at 9:57 AM, Douglas E Engert <deengert at gmail.com> wrote: > On 1/16/2017 2:09 PM, Ron Frederick wrote: >> I?m working on an implementation of ?gssapi-with-mic? authentication for my AsyncSSH package and trying to get it to interoperate with OpenSSH. I?ve gotten it working, but there seems to be a discrepancy between the OpenSSH implementation and RFC 4462.
2006 Apr 27
0
bug in OpenSSH_4.3p2: pam_open_session() called but not close for root users
For root sessions pam_open_session is called, but not pam_close_session. sshd behavior is broken for root logins because if pam session is run from the child, close is never called due to exec: on open since use_privsep is not set, parent calls do_exec_pty(), which does not open session. then, it skips calling do_setusercontext(), so it does not open session. child calls
2002 Jul 15
0
[Bug 354] New: sshd with privsep doesn't do pam session setup properly
http://bugzilla.mindrot.org/show_bug.cgi?id=354 Summary: sshd with privsep doesn't do pam session setup properly Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org
2002 Sep 11
1
tru64 sia: move call of session_setup_sia() to do_setusercontext(), letting grantpty() and friends handle pty perms
Hi- Under privsep, I experimented with moving the session_setup_sia() out of do_child() and into do_setusercontext(), which is where the uids/gids are set to the final execution user. The call is made with a NULL tty, and this is functional provided that any later pty allocation uses grantpty() to set the device permissions. Logging in with this method shows that a utmp entry does get made for
2018 Nov 29
2
Where to implement user limit settings ?
Hello, I'm trying to implement setting of user limits (ulimit) in sshd. I'm not using PAM so I need it in the sshd itself. The task is very simple - just to put one line calling setup_limits(pw); and link with -lshadow. But the problem is, where to put this line. I did it in session.c, in do_child(), like this: #ifdef HAVE_OSF_SIA session_setup_sia(pw, s->ttyfd == -1 ? NULL
2003 Jan 09
1
[PATCH] Allow multiple accounts on Windows 9x/Me
Hi, the following patch by Pierre A. Humblet <Pierre.Humblet at ieee.org> allows to use more than one uid on 9x/Me boxes which is currently blocked due to the behaviour of Cygwin's security code. After this patch is applied to sshd, we can safely change the affected code in Cygwin. Thanks, Corinna Index: session.c ===================================================================
2004 Jun 29
0
Debian bug #236814: sshd+PAM: MOTD isn't printed when privsep=no
Hi. If sshd is configured to use PAM and UsePrivilegeSeparation=no or you are logging is as root, any messages returned by PAM session modules are not displayed to the user. (Even when the config file has privsep=yes, logging in as root disables privsep anyway since there's no point, so it behaves the same way as privsep=no). I think I've figured out why: when privsep=no,
2006 Jan 04
0
ssh and pam-script
Hello I've got a problem with pam-script and ssh. pam-script is a module for PAM that enables execution of given script while pam session opens and/or closes. I try to use it with ssh while logging in and out: it is kind of login and logout scripts. PAM session creation is done in function do_pam_session which is invoked by do_setusercontext which is invoked by do_child. do_child function is
2005 Jan 05
3
[Bug 969] early setpcred() stomps on PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=969 Summary: early setpcred() stomps on PAM Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: dleonard at
2002 Jun 25
3
BSD/OS with privsep
I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if
2010 Nov 05
2
test request: SCO with setluid() (i686-pc-sco3.2v5.0.7, possibly others)
Hi all. I am cleaning up (I hope) one of the nastier pieces of code in openssh: do_setusercontext which is/was a twisty maze of platform-specific nested ifdefs. I made a series of changes[1] where I moved each platform-specific piece into a portable-only file platform.c, which does not need to be kept in sync with OpenBSD. The changes did not (I hope!) change the semantics, but there's one
2014 Dec 28
2
Compiling a static openssh server
Hello, I'm trying to compile a static openssh-server, simply by running: export LDFLAGS=-static ./configure make sshd but the linker shows the warnings I've quoted on the bottom of this mail. The warnings say that I cannot use NSS functions when statically compiling. This makes sshd not work because at runtime, every call to getpwnam returns 0. Do you know a way to compile openssh
2012 Mar 06
6
openssh static build - mission impossible?
I am trying to build a static version of ssh, sshd and sftp, but after banging my head against the wall for the best part of the last 3 days I am about to give up... Since I plan to use this on an embedded device (building dropbear is *NOT* an option!), I've excluded as many openssh configure options as I can but, ultimately, failed. This is my setup: export LDFLAGS=' -pie -z relro -z
2002 Jun 25
0
[Bug 298] New: sshd fails to set user context, preventing all logins, also setgroups is failing
http://bugzilla.mindrot.org/show_bug.cgi?id=298 Summary: sshd fails to set user context, preventing all logins, also setgroups is failing Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: BSDI Status: NEW Severity: major Priority: P2 Component: sshd