Displaying 20 results from an estimated 90 matches similar to: "SSHD does not cleanup kerberos ticket while root logins"
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2012 Jan 31
3
Samba PDC with Windows 7 support request
Dear Samba support team,
I have a question on Samba 3.5.8 please, which is not solved by searching
the forums. I tried all suggested solutions, but nothing take effect.
Situation:
- small public school
- We have Ubuntu Server 11.04 64-bit
- Samba 3.5.8 as PDC
- Windows XP and Windows 7 Pro SP1 clients
- On Windows XP everything works. Login is quick and reliable there.
Problem:
But
2009 May 23
2
Memory leak caused by forwarded GSSAPI credential store
Hi guys
While debugging a GSSAPI memory allocation problem not related to OpenSSH, I found a memory leak in OpenSSH when storing forwarded GSSAPI credentials resulting in a growing process segment for each connection that uses GSSAPI credentials forwarding. What happens is the following:
In the privileged parent, we are calling ssh_gssapi_storecreds() which itself calls
2009 May 23
7
[Bug 1601] New: Memory leak caused by forwarded GSSAPI credential store
https://bugzilla.mindrot.org/show_bug.cgi?id=1601
Summary: Memory leak caused by forwarded GSSAPI credential
store
Product: Portable OpenSSH
Version: 5.2p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at
2003 Apr 08
0
Some problems with Heimdal and AFS
Hello,
My first problem is compilation against Heimdal. It does not work because
of the following:
/products/source/heimdal/heimdal-0.5.1/i386_linux24/lib/roken/../../../lib/r
oken/getprogname.c(.text+0xc):
multiple definition of `get_progname'
openbsd-compat//libopenbsd-compat.a(bsd-misc.o)(.text+0x0):/usr1/ahaupt/open
ssh-3.6.1p1/openbsd-compat/bsd-misc.c:
first defined here
/usr/bin/ld:
2013 Sep 11
0
CentOS at the OpenNebulaConf
Hello everyone,
As you may be aware, we are holding the first OpenNebula Conference
[1] in Berlin, this 24-26 September. The conference is the perfect
place to learn about practical Cloud Computing, aimed at cloud users,
developers, executives and IT managers to help them tackle their
computational and business challenges. The goal is to foster fruitful
and educational discussions around Cloud
2017 Jan 17
2
Question on Kerberos (GSSAPI) auth
On Jan 17, 2017, at 9:57 AM, Douglas E Engert <deengert at gmail.com> wrote:
> On 1/16/2017 2:09 PM, Ron Frederick wrote:
>> I?m working on an implementation of ?gssapi-with-mic? authentication for my AsyncSSH package and trying to get it to interoperate with OpenSSH. I?ve gotten it working, but there seems to be a discrepancy between the OpenSSH implementation and RFC 4462.
2006 Apr 27
0
bug in OpenSSH_4.3p2: pam_open_session() called but not close for root users
For root sessions pam_open_session is called, but not pam_close_session.
sshd behavior is broken for root logins because if pam session
is run from the child, close is never called due to exec:
on open
since use_privsep is not set, parent calls do_exec_pty(),
which does not open session. then, it skips calling do_setusercontext(),
so it does not open session.
child calls
2002 Jul 15
0
[Bug 354] New: sshd with privsep doesn't do pam session setup properly
http://bugzilla.mindrot.org/show_bug.cgi?id=354
Summary: sshd with privsep doesn't do pam session setup properly
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2002 Sep 11
1
tru64 sia: move call of session_setup_sia() to do_setusercontext(), letting grantpty() and friends handle pty perms
Hi-
Under privsep, I experimented with moving the session_setup_sia() out of
do_child() and into do_setusercontext(), which is where the uids/gids are set
to the final execution user. The call is made with a NULL tty, and this
is functional provided that any later pty allocation uses grantpty() to
set the device permissions. Logging in with this method shows that a utmp
entry does get made for
2018 Nov 29
2
Where to implement user limit settings ?
Hello,
I'm trying to implement setting of user limits (ulimit) in sshd. I'm
not using PAM so I need it in the sshd itself. The task is very simple -
just to put one line calling setup_limits(pw); and link with -lshadow.
But the problem is, where to put this line. I did it in session.c,
in do_child(), like this:
#ifdef HAVE_OSF_SIA
session_setup_sia(pw, s->ttyfd == -1 ? NULL
2003 Jan 09
1
[PATCH] Allow multiple accounts on Windows 9x/Me
Hi,
the following patch by Pierre A. Humblet <Pierre.Humblet at ieee.org>
allows to use more than one uid on 9x/Me boxes which is currently
blocked due to the behaviour of Cygwin's security code. After this
patch is applied to sshd, we can safely change the affected code in
Cygwin.
Thanks,
Corinna
Index: session.c
===================================================================
2004 Jun 29
0
Debian bug #236814: sshd+PAM: MOTD isn't printed when privsep=no
Hi.
If sshd is configured to use PAM and UsePrivilegeSeparation=no or you
are logging is as root, any messages returned by PAM session modules are
not displayed to the user. (Even when the config file has privsep=yes,
logging in as root disables privsep anyway since there's no point, so it
behaves the same way as privsep=no).
I think I've figured out why: when privsep=no,
2006 Jan 04
0
ssh and pam-script
Hello
I've got a problem with pam-script and ssh. pam-script is a module for PAM
that enables execution of given script while pam session opens and/or closes.
I try to use it with ssh while logging in and out: it is kind of login
and logout scripts.
PAM session creation is done in function do_pam_session which is invoked
by do_setusercontext which is invoked by do_child. do_child function
is
2005 Jan 05
3
[Bug 969] early setpcred() stomps on PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=969
Summary: early setpcred() stomps on PAM
Product: Portable OpenSSH
Version: 3.9p1
Platform: All
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: dleonard at
2002 Jun 25
3
BSD/OS with privsep
I need this for BSD/OS 4.2 + privsep
perhaps we should not call do_setusercontext() after
chroot().
--- sshd.c.orig Fri Jun 21 03:09:47 2002
+++ sshd.c Tue Jun 25 13:11:03 2002
@@ -548,21 +548,35 @@
/* Change our root directory*/
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
strerror(errno));
if
2010 Nov 05
2
test request: SCO with setluid() (i686-pc-sco3.2v5.0.7, possibly others)
Hi all.
I am cleaning up (I hope) one of the nastier pieces of code in openssh:
do_setusercontext which is/was a twisty maze of platform-specific
nested ifdefs. I made a series of changes[1] where I moved each
platform-specific piece into a portable-only file platform.c, which does
not need to be kept in sync with OpenBSD.
The changes did not (I hope!) change the semantics, but there's one
2014 Dec 28
2
Compiling a static openssh server
Hello,
I'm trying to compile a static openssh-server, simply by running:
export LDFLAGS=-static
./configure
make sshd
but the linker shows the warnings I've quoted on the bottom of this mail.
The warnings say that I cannot use NSS functions when statically compiling.
This makes sshd not work because at runtime, every call to getpwnam returns
0.
Do you know a way to compile openssh
2012 Mar 06
6
openssh static build - mission impossible?
I am trying to build a static version of ssh, sshd and sftp, but after banging my head against the wall for the best part of the last 3 days I am about to give up...
Since I plan to use this on an embedded device (building dropbear is *NOT* an option!), I've excluded as many openssh configure options as I can but, ultimately, failed. This is my setup:
export LDFLAGS=' -pie -z relro -z
2002 Jun 25
0
[Bug 298] New: sshd fails to set user context, preventing all logins, also setgroups is failing
http://bugzilla.mindrot.org/show_bug.cgi?id=298
Summary: sshd fails to set user context, preventing all logins,
also setgroups is failing
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: BSDI
Status: NEW
Severity: major
Priority: P2
Component: sshd