Displaying 20 results from an estimated 100 matches similar to: "openssh, pam, challenge-response problem"
2005 Aug 19
2
pam_radius fail open?
Okay, I guess I?ll be the first to take Colin Percival up in that the
following statement applies to me:
?If you find a security problem -- or even if you find something which
might possibly be a security problem but you're not certain if it is or
not -- then please let us know.?
I recently installed pam_radius according to the instructions located at
the following address:
2018 Jan 03
2
SSHD and PAM
Hi I am trying to write pam_radius module which talks to RADIUS server for
aaa.
I see sshd checks /etc/passwd for user list. Since RADIUS server has user
list, can sshd ignore this check for RADIUS/TACACS+ authentication, Please
suggest if there are any flags to control it.
I am using the following versions.
OpenSSH_6.6p1, OpenSSL 1.0.2n 7 Dec 2017
I see sssd (NAS) being used for such use
2018 Jan 03
3
SSHD and PAM
On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote:
> HI, I do see some refernce on it: but seems not closed
> https://marc.info/?l=secure-shell&m=115513863409952&w=2
>
> http://bugzilla.mindrot.org/show_bug.cgi?id=1215
>
>
> Is this patch available in latest versions, 7.6?
No. It never was.
The SSSD is using NSS (Name Service Switch) [1] way of getting
2001 Oct 09
1
TISviaPAM patch
Here is a patch that does TIS auth via PAM. It's controlled by a switch
in the sshd_config. You'd use it by having a PAM module that sets
PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs.
The patch is against the 2.9.9p2 distribution.
I'm not on the list, a reply if this patch is accepted would be great.
(But not required, I know some folks have a distaste for
2016 Feb 13
2
[Bug 2539] New: Add missing sanity check for read_passphrase() in auth-pam.c
https://bugzilla.mindrot.org/show_bug.cgi?id=2539
Bug ID: 2539
Summary: Add missing sanity check for read_passphrase() in
auth-pam.c
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: PAM support
2003 Jun 20
1
Problems with conversation functions PAM + OpenSSH
Hello
sorry, for bothering you with this problem, but I ca't find solutions.
I write small PAM module, and I've got the problem with conversation
function with OpenSSH 3.5p1.
When the message style is PAM_PROMPT_ECHO_ON, or PAM_PROMPT_ECHO_OFF
everything is allright. But when I use PAM_TEXT_INFO, or PAM_ERROR_MSG,
ssh prints nothing on the client side. Does anyone know the reason of
2007 Apr 10
6
[PATCH 0/6] openssh V_4_6: minor fixes/cleanups
This patch series consists of minor fixes and cleanups I made during
update to openssh V_4_6 branch.
openssh/auth-pam.c | 9 ++++-----
openssh/auth2.c | 2 --
openssh/readconf.c | 7 ++++---
openssh/servconf.c | 14 ++++++++------
openssh/sftp-server.c | 9 ++++++---
openssh/sshd.c | 2 +-
6 files changed, 23 insertions(+), 20 deletions(-)
--
ldv
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=118
Summary: Implement TIS (protocol 1) via PAM
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: fcusack at
2002 Apr 26
0
PAM keyboard-interactive
The following patch (relative to -current) makes PAM a proper
kbd-interactive citizen. There are a few limitations (grep for todo), but
the code seems to work OK for protocols 1 & 2 with and without privsep.
Please have a play!
auth2-pam.c is based on code from FreeBSD.
Index: auth2-chall.c
===================================================================
RCS file:
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the
2007 Aug 02
2
radius support
hi,
how to add radius support to asterisk 1.4.5?
i do make menuselect and i do not see any module or option related to
radius, pam, authenticacion or similar.
any ideas?
thanks
2008 Oct 15
0
[Bug 1215] sshd requires entry from getpwnam for PAM accounts
https://bugzilla.mindrot.org/show_bug.cgi?id=1215
--- Comment #12 from Aaron Smith <soccergeek76 at gmail.com> 2008-10-15 16:19:59 ---
Created an attachment (id=1574)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1574)
Debug output of accounting failure
I am trying to use patches 1171, 1298, and 1300 in conjunction with the
pam_radius library. Authentication works fine, but
2000 Feb 15
0
PAM samba support
However odd it sounds, I would like for smb clients to authenticate off of
a radius server. How would i set up samba to do this?
Would it be:
security = user
and then edit the pam.d/samba file to use the pam_radius authentication
module instead?
Any help is greatly appreciated. Thanx!
====---- - - - - - - - - - ____ __
Scott Fritzinger | \ | |/\ /\
Computing Helpdesk
2012 Mar 02
0
pam and radius config problem
Hi,
I am trying to configure ssh/pam to use freeradius as one of the authentication
sources on a C6 box.
I have freeradius running on a separate box with 2 factor authentication.
Using the radtest utility, I can successfully authenticate. My problem is that
I do not understand how to configure pam to use radius as an auth source and
be sure I am not opening a security hole in my systems.
While
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
2002 Jun 25
4
PAM kbd-int with privsep
The following is a patch (based on FreeBSD code) which gets kbd-int
working with privsep. It moves the kbd-int PAM conversation to a child
process and communicates with it over a socket.
The patch has a limitation: it does not handle multiple prompts - I have
no idea how common these are in real-life. Furthermore it is not well
tested at all (despite my many requests on openssh-unix-dev@).
-d
2018 Jan 03
2
SSHD and PAM
Sudarshan Soma wrote:
> Does sssd/NSS has a way to fetch user names from sources like
> RADIUS/TACACS server?
My impression is that while this might be theoretically possible, nobody
does this. Especially it's not clear to me how you would push group
membership to the system. And AFAICS in case of TACACS+ there's also
only a single "role" available (translate this to
2003 Mar 27
0
[Bug 524] Keyboard-interactive PAM back end hides information
http://bugzilla.mindrot.org/show_bug.cgi?id=524
Summary: Keyboard-interactive PAM back end hides information
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2014 Apr 24
0
Help implementing username_format in auth PAM driver
While configuring my server with dovecot I noticed that the PAM
authentication driver does not support the username_format option as
does the password file driver. This didn't seem too hard to implement
so I through together a patch.
As you can see in the attached patch I only modify the username sent
to PAM. Despit doing this I run into the domain lost
2014 Dec 12
0
PATCH - add username_format to the PAM auth module
Hi there,
Other auth modules (eg passwd-file) allow a username_format to be
specified, but not the PAM module.
The use-case, is where I want a static userdb configuration which takes the
domain into account but still want to use PAM for authentication, eg:
userdb {
driver = static
args = uid=8 gid=12 home=/mnt/storage/mail/vhosts/%d/%n
}
passdb {
driver = pam
args = username_format=%n