similar to: samba-pam authentication

I'm working with the latest code (pre14) with some patches I've made to get a clean compile. Running the sshd I get a segfault inside of pam_open_session. Figured I'd get a look at the data structures. I can't find them. There's a #typedef struct pam_handle pam_handle_t; in security/pam_appl.h, but I can't find a reference for pam_handle. Am I on drugs? Also, has

Can't compile sshd.c because of pam errors. The errors are attached below, and I apologize for the >75 chars a line. RH4.2, with the latest updates, runs pam-0.57-5. I could upgrade PAM from source, but I'd probably break other programs. gcc -g -O2 -Wall -I/usr/local/ssl/include -DETCDIR=\"/etc/ssh\" -DSSH_PROGRAM=\"/usr/bin/ssh\"

Hi Everybody, We are integrating samba,kerberos and ldap samba-3.0.2a sun kerberos sun ldap all the three servers are on three different solaris machines. we were able to successfully integrate samba and ldap and works fine. When trying to bring in kerberos support , we changed the samba configuration file as follows interfaces = 131.183.20.96 bind interfaces only

Hi Everybody, We are working on samba 3.0.2a with sun kerberos SEAM and Netscape iDirectory Server support. We are able to integrate samba with ldap support. we tried integrater kerberos for authentication. We found a solution using pam via pam_krb5 module provided by the sun solaris 8. One important fact we found out using samba pam authentication, it directly calls for an account

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Time for a new cifs-utils release! The big bullet point in this release is a new pam_cifscreds module that has been added by Orion Poplawski. This release also cleans some unused cruft out of some of the binaries so they're quite a bit smaller now and fixes a few bugs that Coverity turned up. Go forth and download! webpage:

I've attached two patches. The first just changes the output of "ssh -V" to print that it was built against rsaref if libRSAglue (which is built as part of openssl only when it is built against rsaref) is present at build-time. The second adds appropriate calls to pam_setcred() in sshd. Without them, our systems can't access AFS because the PAM modules only get tokens at a

On Mon, 22 Nov 1999, Philip Brown wrote: > [ Marc G. Fournier writes ] > > debug("PAM_retval(open_session) about to run"); > > pam_retval = pam_open_session((pam_handle_t *)pamh, 0); > > > > > =========================================== > > > > so, its looking like I'm authenticated properly, but when trying to set up > > the

Hi, There have been a bunch of useful submissions for the compare /contrast thread. To reduce the load on your mailbox, they are gathered here in one go... Roger. Date: Wed, 28 Oct 1998 15:11:37 +0000 From: "David L. Sifry" <dsifry@linuxcare.com> To: "Matthew S. Crocker" <matthew@crocker.com> CC: Rob Bringman <rob@trion.com>,

Currently, OpenSSH prints the message: "Warning: You password has expired, please change it now" if the password has expired. It would be nice if the user could/had to change password before continuing, like with Linux console login. I've tried to make an patch, but it doesn't work. Ideas? --- auth-pam.c.org Wed Oct 11 18:03:43 2000 +++ auth-pam.c Wed Oct 11 18:03:44

Dear aarumuga I've been reading your questions in Samba mailing list about SMB & Sun LDAP. I'm working with a same project and I would like to know only if is it posible or have you achieved your goal to link samba and Sun LDAP? Thanks in advance and excuse me for my english. Best regards, Ramon Aznar

to improve forensic log info i want to set the PAM_RHOST value to the remote ip (which pam logs as rhost=foo in failure messages). i didn't look to see if anything has been done in this way on CVS because i'm still on 0.99.10.6. below is a bit of a hack. in some sense the remote_ip might make more sense in the AUTH_LOGIN_REQUEST_NEW packet rather than the continue packet... but that

Anyone out there know more about PAM under Solaris 7/x86 then I do, that can maybe tackle this, and/or suggestion a route to take to fix? After doing some debugging, it looks like the problem is a seg fault at: sshd.c:void pam_cleanup_proc(void *context) =========================================== debug("PAM_retval(open_session) about to run"); pam_retval =

Hello, appended is a patch that makes it possible to use PAM both for password authentication and TIS (i.e. s/key or opie or any other interactive challenge/response scheme). I have developed this starting from the patch at http://www.debian.org/Bugs/db/61/61906.html on Debian with openssh-2.1.1p4-3. After configuring ssh with --with-pam-tis, there are two PAM services, "sshd" and

https://bugzilla.mindrot.org/show_bug.cgi?id=3736 Bug ID: 3736 Summary: sshd falls back to password prompt after PAM module returns a PAM_MAXTRIES. Product: Portable OpenSSH Version: 9.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The

Hi and here's an feature request from a user/developer, wher I would like to hear your comments again. Thanks > The PAM_RHOST item, which tells PAM which remote host it is conversing > with, is currently set by OpenSSH _after_ authentication is made. This > is not a good thing for me, as a have written a module which needs the > IP of the peer as a part of authentication. >

In passdb-pam.c, I found some bits about const with some PAM data types. Rather than check for each vendor of PAM, better to check for actual const usage ... some vendors have changed const-ness between releases. Also, actually testing constness is great for supporting new implementations that may come out. Here is the autoconf test I use in pam_otp_auth: --8<-- # Check PAM headers for

Hi All. Attached is another patch that attempts to do pam_chauthtok() via SSH2 keyboard-interactive authentication. It now passes the results from the authentication thread back to the monitor (based on a suggestion from djm). Because of this, it doesn't call do_pam_account twice and consequently now works on AIX 5.2, which the previous version didn't. I haven't tested it on any

While configuring my server with dovecot I noticed that the PAM authentication driver does not support the username_format option as does the password file driver. This didn't seem too hard to implement so I through together a patch. As you can see in the attached patch I only modify the username sent to PAM. Despit doing this I run into the domain lost