Displaying 20 results from an estimated 800 matches similar to: "auth2-kbdint.c: Is it a bug that it mixes references to options.kbd_interactive_authentication and options.challenge_response_authentication ?"
2003 Mar 02
0
[RFC][PATCH] Require S/KEY before other authentication methods.
I need a way to make sshd require S/KEY authentication to succeed before
allowing either password or public-key authentication.
Currently, we can only have S/KEY+password, by using PAM for
authentication, and configuring PAM accordingly. But PAM of course can't
handle SSH public keys.
I thought for a while that ideally we could actually use PAM to tell
sshd what methods of authentication to
[Bug 1922] New: Disabling ChallengeResponseAuthentication also disables KbdInteractiveAuthentication
2011 Jul 30
0
[Bug 1922] New: Disabling ChallengeResponseAuthentication also disables KbdInteractiveAuthentication
https://bugzilla.mindrot.org/show_bug.cgi?id=1922
Bug #: 1922
Summary: Disabling ChallengeResponseAuthentication also
disables KbdInteractiveAuthentication
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=118
Summary: Implement TIS (protocol 1) via PAM
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: fcusack at
2002 Jul 25
3
[PATCH] prevent users from changing their environment
We have a system on which users are given a very restricted environment
(their shell is a menu) where they should not be able to run arbitrary
commands. However, because their shell is not statically linked, ld.so
provides a nice clutch of holes for them to exploit. The patch below
adds a new configuration option to sshd which quashes their attempts
to set LD_PRELOAD etc. using ~/.ssh/environment
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the
2002 Jun 25
4
PAM kbd-int with privsep
The following is a patch (based on FreeBSD code) which gets kbd-int
working with privsep. It moves the kbd-int PAM conversation to a child
process and communicates with it over a socket.
The patch has a limitation: it does not handle multiple prompts - I have
no idea how common these are in real-life. Furthermore it is not well
tested at all (despite my many requests on openssh-unix-dev@).
-d
2002 Apr 26
0
PAM keyboard-interactive
The following patch (relative to -current) makes PAM a proper
kbd-interactive citizen. There are a few limitations (grep for todo), but
the code seems to work OK for protocols 1 & 2 with and without privsep.
Please have a play!
auth2-pam.c is based on code from FreeBSD.
Index: auth2-chall.c
===================================================================
RCS file:
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2004 Apr 07
2
Requiring multiple auth mechanisms
I looked around for a while, but couldn't find any code for requiring multiple
authentication mechanisms in openssh. So I wrote an implemention.
I thought at first I should change the PasswordAuthentication,
PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some
funky stuff in auth2.c with respect to keyboard interactive auth that would make
this kind of
2001 Oct 09
1
TISviaPAM patch
Here is a patch that does TIS auth via PAM. It's controlled by a switch
in the sshd_config. You'd use it by having a PAM module that sets
PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs.
The patch is against the 2.9.9p2 distribution.
I'm not on the list, a reply if this patch is accepted would be great.
(But not required, I know some folks have a distaste for
2007 Mar 22
1
ChallengeResponseAuthentication defaults to no?
Hello,
I have just installed OpenSSH 4.6p1 and it appears that ChallengeResponseAuthentication is not allowed unless I explicitly set it to "yes" in the sshd_config file. I am using the same config file as I did with 4.5p1 where it was allowed by default. Also, this is OpenSSH package from sunfreeware, but I believe that both versions were compiled with the same options.
Is this the
2009 Oct 29
1
Match vs. ChallengeResponseAuthentication?
Hello,
We'd like to allow passwords only from the local network, and allow public key auth from on-campus or off-campus. The server runs SuSE Linux, and we might do the same on RHEL/CentOS & Mac OS X if we can get it to work.
Unfortunately, Match allows PasswordAuthentication but not ChallengeResponseAuthentication. Is there any reason ChallengeResponseAuthentication cannot be
2003 May 30
4
[Bug 580] disable kbdint if host key mismatch
http://bugzilla.mindrot.org/show_bug.cgi?id=580
Summary: disable kbdint if host key mismatch
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: fcusack at
2008 Feb 06
2
[Bug 1438] New: Adds an out-of-band challenge (OBC) authentication method ( via kbdint)
https://bugzilla.mindrot.org/show_bug.cgi?id=1438
Summary: Adds an out-of-band challenge (OBC) authentication
method (via kbdint)
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
2011 Mar 09
0
Match and ChallengeResponseAuthentication
Hi,
I'd like to allow PAM authentication only from the local network, and
from the Internet only allow public key authentication.
A similar-enough problem has been discussed on this list previously:
http://www.gossamer-threads.com/lists/openssh/dev/47179?search_string=match%20challengeresponseauthentication;#47179
More specifically, I would like to allow PAM authentication from the
2003 May 15
2
[Bug 568] Kerberos password auth/expiry kbdint patch
http://bugzilla.mindrot.org/show_bug.cgi?id=568
Summary: Kerberos password auth/expiry kbdint patch
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P4
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2005 Nov 05
3
[Bug 582] Add 'KbdintXORPasswordAuthentication' option.
http://bugzilla.mindrot.org/show_bug.cgi?id=582
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
------- Comment #2 from djm at mindrot.org 2005-11-06 03:46 -------
2008 Feb 08
3
[Bug 1439] New: Adds Virtual Token (VToken) authentication method to kbdint
https://bugzilla.mindrot.org/show_bug.cgi?id=1439
Summary: Adds Virtual Token (VToken) authentication method to
kbdint
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
2008 Feb 08
3
[Bug 1439] New: Adds Virtual Token (VToken) authentication method to kbdint
https://bugzilla.mindrot.org/show_bug.cgi?id=1439
Summary: Adds Virtual Token (VToken) authentication method to
kbdint
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
Priority: P2
2001 Mar 13
0
[PATCH] openssh 2.5.1p2 TIS authserv support
Hi,
We have updated our TIS authserv support patch for OpenSSH 2.5.1p2. You'll
find it attached to my message.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
-------------- next part --------------
diff -urN openssh-2.5.1p2/Makefile.in openssh-2.5.1p2-tis/Makefile.in
--- openssh-2.5.1p2/Makefile.in Sun Feb 18 20:13:33 2001
+++