similar to: openssh issue with PAM authentication errors

Attached is a patch to be applied with GNU patch -p0, notice that configure needs to be regenerated. The patch addresses the following annoyances: * On AIX there is a signal called SIGDANGER which is sent to all processes when the machine runs low on virtual memory. This patch makes sure that this signal is ignored, because the default on older AIX releases is to kill the running process

http://bugzilla.mindrot.org/show_bug.cgi?id=178 Summary: Content of /etc/nologin isn't shown to users, fix triggers probably AIX bug Product: Portable OpenSSH Version: 3.1p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

Hi All. I've decided to try to merge the -Portable parts of the password expiry patch (see bug #14) that do not depend on the OpenBSD change in bug #463. The attached patch is the first step in this process. It removes the AIX-specific "char *aixloginmsg" and replaces it with a platform-neutral "Buffer loginmsg". I think this is worth having in -Portable even if it

Hi developers, today I tried to disable logins to an ssh server by putting a nologin file into /etc. This only worked for logins that use the password authentication mechanism. publickey-based authentications still succeeded and the users were allowed into the system. This seems straightforward to me since openssh 4.3 disabled the evaluation of /etc/nologin in favour of pam_nologin but

Hi. One thing that people seem to want to do with PAM is to deny a login immediately without interacting but return a message to the user. (Some platforms implement, eg, /etc/nologin via PAM this way.) Currently, sshd will just deny the login and the user will not be told why. Attached it a patch that return a keyboard-interactive packet with the message in the "instruction"

Has anyone else running AIX tried this patch? I'm looking for feedback if it should be applied before we release 2.9p1. - Ben ---------- Forwarded message ---------- Date: Tue, 24 Apr 2001 17:22:02 -0800 (AKDT) From: mikem at alaska.net To: openssh-unix-dev at mindrot.org Subject: Functionality bug (possibly) in openssh on AIX 4.3 Hi Folks, While compiling and testing openssh-2.5.2p2 on

Hi Folks, While compiling and testing openssh-2.5.2p2 on various AIX platforms, I've found that ssh will not accept root (based on ssh key credentials) logins at all if the AIX security features have been set to disallow remote root logins. If I disable the AIX security feature (enable remote root logins), I can then do bad things like rsh, telnet, etc. into the box as root. This deviates

All, I'm trying to use PAM to replicate the authorized user functionality in commercial ssh. In the past, I've patched openssh to do this, but I think that solution is fairly ugly (and requires me to patch with each new release of openssh which is really bad). I want to do this: 0. use openssh for all communication with this machine. 1. check a user's identity using their

Hi all, This is a patch against 4.2p1 (compiling for a Linux --- an old, highly customized 7.2 to be specific). When I compiled it from your original source, installed it, and turned on PAM (for passwd aging), I couldn't get the passwd expiration warnings as specified in /etc/shadow to work at all (the message that is supposed to warn you as you're logging in that your passwd will expire

Hi All. Attached is a patch that converts pam_chauthtok_conv into a generic pam_tty_conv, which is used rather than null_conv for do_pam_session. This allows, for example, display of messages from PAM session modules. The accumulation of PAM messages into loginmsg won't help until there is a way to collect loginmsg from the monitor (see, eg, the patches for bug #463). This is because the

I just spent some time trying to figure out how to get OpenSSH to work correctly with NIS and PAM. It seems to work fine, apart from one minor worry I still have (see below). Feedback about grave security risks are welcome :) This is using RedHat 6.1 with updates and the OpenSSH 1.2.2p1-1 RPM's on the NIS server as well as the client. In short, my configuration is: /etc/nssswitch.conf:

Hi, I have installed samba 3.5.4 on Centos 6 and have set it up to authenticate to a Windows 2008 Domain Controller. When I do a "su - some-domain-user", the home directory gets created. However, I want the home directory to be created when a user accesses the samba shares(no shell access). Following are the relevant configurations. What are the PAM changes I need to make? Help is much

While using Ubuntu 10.10 + Dovecot 1.2.12 + Postfix 2.7.1-1: To enable virtual accounts, I am using the following /etc/dovecot/auth.d/virtualsomename.auth file: passdb passwd-file { args = /etc/dovecot/passwd } userdb static { args = uid=vmail gid=vmail home=/home/vmail/%u } EOT cat /etc/dovecot/passwd looks like this: test:{PLAIN}pass bill:{PLAIN}secret timo at

On AIX 4.3.3 and AIX 5.1, the last successful and unsuccessful logins are no longer printer prior to the motd with either the stock openssh-3.7.1p2 or Darren's openssh-3.7.1p2-pwexp24.patch. In both cases it appears that the loginsuccess() call (auth-passwd.c stock or auth.c Darren's patch) is returning -1 and msg is not appended to loginmsg. /etc/security/lastlog is updated despite

Hello All, Im using OpenSSH 4.2p1. Suppose I disable non-root logins to my system through /etc/nologin file, SSH writes an entry for the non-root user in wtmp file. This is because the writing in wtmp file happens in parent process where checking of nologin file happens in the child one. I like to know whether we should put an entry in wtmp file for such denied logins. Any comments will be

This patch against OpenSSH 3.2.3p1 implements an ssh-agent authentication retry mechanism which is useful when starting many ssh clients in a short period of time. The number of retries and the maximum delay between retries is runtime-configurable using AuthMaxRetries <integer> AuthRetryDelay <seconds> The patch is available at:

My apologies if this has already been discussed. I looked through the mailing list archives and couldn't see any mention of this problem. I compiled and installed openssh-2.3.0p1 on a sparc running SunOS 5.7, and while I was testing it to make sure everything was working properly, I noticed that when I used PAM to authenticate, rather than /bin/login, sshd was not honoring /etc/nologin. I

Hi All. Attached is a patch which adds AIX native password expiry support to sshd. It will only apply to -current and is a subset of the patch I have been working on in the last few months (see bug #14 [1]). It contains code by Pablo Sor, Mark Pitt and Zdenek Tlusty and fixes for bugs reported by many others (see [2] for a full list). It adds a do_tty_change_password function that execs

Here are some patches to re-enable support for AIX's authenticate routines. With them, ssh will honor locked & unlocked accounts, record successful and unsuccessful logins, and deny accounts that are prohibited to log in via the network. Tested with AIX 4.3. It also includes a fix for handling SIGCHLD that may be needed for other platforms (HP-UX 10.20, for example). If I get the time

Hi Everyone, I made some small changes in my dovecot setup to switch it from looking up users and passwords from a mix of ldap (i.e. freeipa) and password files. One of the changes was to switch from using one id for all authentication to using individual ids) It's working fine with Evolution. I have one account authenticating with GSSAPI, which is my userid for logging into my desktop and