similar to: openssh conversation failure issue on HPUX

Hi. I'm one of the OpenSSH developers, and I've done some of the work on sshd's PAM interface recently. I've discovered some behaviour peculiar to LinuxPAM that I can't explain: changing the conversation function does not appear to work, even though the pam_set_item() call claims to succeed. The previous conversation function is still called. Background: the PAM API

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The

Hello, I would like to use PAM. All PAM interaction worked well with openssh-3.5 Now that I have tried to upgrade to 3.7.1p1/p2 the pam_close_session() function won't get invoked. Some debugging shows, that the call is protected by an if-statement (module auth-pam.c, function sshpam_cleanup): if (sshpam_session_open) { pam_close_session(sshpam_handle, PAM_SILENT); /* cb, 26.09.03 */

Hello, I got this problem: I want to mount a directory without providing a login/password [indicaf$]. I thought that "guest ok = yes" would be sufficient. But it not works. What option is the right one to open a share to everyone without a login box in windows ? Thanks. This is my smb.conf (samab v3.0.7): tccwebcom# more smb.conf # Samba config file created using SWAT # from

As has often been mentioned, Solaris (at least 7 and 8) gives a debug1 message on logout: Cannot delete credentials. This occurs when in auth-pam.c, function do_pam_cleanup_proc(), pam_setcred(__pamh, PAM_DELETE_CRED) is called under UID 0. I suggested a patch for this on Nov 22, 2001, based on openssh 2.9.9p2 through 3.0.1p1. [The attempt in my patch to reset to UID 0 by "if (!flag)

Hello All, I'm using OpenSSH 4.3 compiled with PAM support. Im using a proprietary PAM module for my Authentication. When the root user logs out, it throws a message "pam_setcred : Pemission denied" in syslog. The PAM engineer told me that the module can't delete root users credentials. Instead he is asking me to skip the call pam_setcred() in sshpam_cleanup() in auth-pam.c

http://bugzilla.mindrot.org/show_bug.cgi?id=892 Summary: Send output from PAM account modules to user Product: Portable OpenSSH Version: -current Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=1945 Bug #: 1945 Summary: Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: HP-UX Status: NEW

In do_pam_cleanup_proc(), there are 3 calls to PAM: 1) pam_close_session() - do lastlog stuff 2) pam_setcred(PAM_DELETE_CRED) - delete credentials 3) pam_end() - close PAM It appears that pam_setcred() always fails with the error PAM_PERM_DENIED. This is due to a check done pam_unix.so to not allow a caller with euid 0 to even try to delete their SECURE_RPC credentials. When sshd calls

Hello, I have a little question that, i think, has been sent many times before. I have two machines under two different networks (stccs2 and stccs4). They use samba 2.0.3. When i look in the " network neighborhood " of my NT workstation, i can see stccs2 but not stccs4. Why ? I have this problem with other unix boxes. Here are the beginnings of smb.conf files : # Samba config file

Hello I've got a problem with pam-script and ssh. pam-script is a module for PAM that enables execution of given script while pam session opens and/or closes. I try to use it with ssh while logging in and out: it is kind of login and logout scripts. PAM session creation is done in function do_pam_session which is invoked by do_setusercontext which is invoked by do_child. do_child function is

http://bugzilla.mindrot.org/show_bug.cgi?id=926 Summary: pam_session_close called as user or not at all Product: Portable OpenSSH Version: -current Platform: All URL: http://marc.theaimsgroup.com/?l=openssh-unix- dev&m=106458208520320 OS/Version: All Status: NEW Severity: normal

openssh-2.1.0p2 on HP-UX 11.0 trusted system. One problem is that scp does not exit after a file transfer: stevesk 14074 14073 0 13:21:46 ? 0:00 scp -t . Attaching to the running process with gdb yields: (gdb) bt #0 0xc01ed230 in _read_sys () from /usr/lib/libc.2 #1 0xc01f85e4 in read () from /usr/lib/libc.2 #2 0x8228 in atomicio (f=0x400025c2 <SD$ecb_enc+122>, fd=0,

All - For those installs on crusty old hardware and OS releases, here are patches to fix two OpenSSH problems on sparc redhat 4.2 systems. 1. `Old PAM' #defines different - build fails with undefined symbols when PAM used. 2. Running ssh on sparc hardware results in bus error on some connection negotiations. Unaligned data on call to inet_ntoa() results in bus error.

I've attached two patches. The first just changes the output of "ssh -V" to print that it was built against rsaref if libRSAglue (which is built as part of openssl only when it is built against rsaref) is present at build-time. The second adds appropriate calls to pam_setcred() in sshd. Without them, our systems can't access AFS because the PAM modules only get tokens at a

On Fri, Jun 04, 2004 at 01:20:54PM -0400, Joey Hess wrote: > My colocated server was refusing both ssh and ssl telnet connections. > It looked like this: > > joey:~>ssh -v kite > OpenSSH_3.8.1p1 Debian 1:3.8.1p1-4, OpenSSL 0.9.7d 17 Mar 2004 > debug1: Reading configuration data /home/joey/.ssh/config > debug1: Applying options for kite > debug1: Reading configuration

Hi, stevesk at sweden.hp.com wrote: > Has any progress been made on this issue? I've included an older > message that has a stack trace, which if I recall was still the same in > 2.1.1p1. I can provide a newer trace or additional information if > needed. not really... On a non-trusted system with HP AnsiC it seems to work if changing shutdown(fdin, SHUT_WR) to shutdown(fdin,

http://bugzilla.mindrot.org/show_bug.cgi?id=632 Summary: PAM conversation function does not return when connection is aborted Product: Portable OpenSSH Version: 3.6.1p2 Platform: All URL: http://www.cl.cam.ac.uk/~mgk25/otpw.html#opensshbug OS/Version: Linux Status: NEW Severity: major

>> >Could we please have a clarification on the semantics of >> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS? >> >> My interpretation is: >> >> You call PAM_ESTABLISH_CRED to create them >> You call PAM_REINITIALIZE_CRED to update creds that can expire over time, >> for example a kerberos ticket. Oops. I meant