similar to: [Bug 2018] New: sshd not handling PAM_NEW_AUTHTOK_REQD properly

Displaying 20 results from an estimated 6000 matches similar to: "[Bug 2018] New: sshd not handling PAM_NEW_AUTHTOK_REQD properly"

2015 Aug 11
0
[Bug 2018] sshd not handling PAM_NEW_AUTHTOK_REQD properly
https://bugzilla.mindrot.org/show_bug.cgi?id=2018 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from Damien Miller <djm at mindrot.org> --- Set all RESOLVED bugs to CLOSED with release
2002 Feb 27
0
[Bug 129] New: PAM with ssh authentication fails treat PAM_NEW_AUTHTOK_REQD properly
http://bugzilla.mindrot.org/show_bug.cgi?id=129 Summary: PAM with ssh authentication fails treat PAM_NEW_AUTHTOK_REQD properly Product: Portable OpenSSH Version: 3.0.2p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd
2004 Sep 14
1
PATCH: Public key authentication defeats passwd age warning.
All, I tried to sign up for this list a few weeks ago, but I don't think it worked. After I confirmed my intention to be on the list, I only got one single message from someone on the list, and that was it. So, either this is a particularly quiet list, or my subscription was dropped somehow just after it was made. So, if you could kindly CC me directly on any responses to this, I sure would
2002 Mar 30
0
[Bug 129] PAM with ssh authentication fails treat PAM_NEW_AUTHTOK_REQD properly
http://bugzilla.mindrot.org/show_bug.cgi?id=129 stevesk at pobox.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|openssh-unix-dev at mindrot.org|stevesk at pobox.com ------- Additional Comments From stevesk at pobox.com 2002-03-31 05:44 ------- i will look at this. -------
2023 Dec 22
0
sshd and password expiration
I am facing the following situation on my Linux: - i have my own user database for the users who log in via a web interface - privileged users are allowed to log on to the device via ssh (pam is in use) - these users are redirected (via nss module) to a linux user who cannot log in directly to the system so far this is working fine. But now I also want the user to change the password if it has
2003 Dec 07
0
[PATCH] Do PAM chauthtok via keyboard-interactive.
Hi All. Attached is another patch that attempts to do pam_chauthtok() via SSH2 keyboard-interactive authentication. It now passes the results from the authentication thread back to the monitor (based on a suggestion from djm). Because of this, it doesn't call do_pam_account twice and consequently now works on AIX 5.2, which the previous version didn't. I haven't tested it on any
2018 Sep 28
2
Support for RFC4252 in sshd with PAM
Hi I'm trying to integration a Java application using SSHJ <https://github.com/hierynomus/sshj> client-side - into OpenSSH 7.4. This is fine, except where I get to a password expiry situation. Looking at RFC4252 <https://www.ietf.org/rfc/rfc4252.txt> (which is supported by SSHJ) I don't see any SSH_MSG_USERAUTH_PASSWD_CHANGEREQ [60] messages getting passed from
2003 Nov 13
0
[PATCH] Perform do_pam_chauthtok via SSH2 keyboard-interactive.
Hi All. Attached is a patch to perform pam_chauthtok via SSH2 keyboard-interactive. It should be simpler, but since Solaris seems to ignore the CHANGE_EXPIRED_AUTHTOK flag, it calls do_pam_account to check if it's expired. To minimise the change in behaviour, it also caches the result so pam_acct_mgmt still only gets called once. This doesn't seem to work on AIX 5.2, I don't know
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All. This patch calls pam_chauthtok() to change an expired password via PAM during keyboard-interactive authentication (SSHv2 only). It is tested on Redhat 8 and Solaris 8. In theory, it should have simply been a matter of calling pam_chauthtok with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is if it's expired, right? From the Solaris pam_chauthtok man page:
2000 Nov 05
1
HP-UX 11.0 libpam patch
Patch PHCO_22265 (s700_800 11.00 cumulative libpam and libpam_unix patch) is now available that fixes a problem discussed a while back on the list regarding an incorrect return value from pam_acct_mgmt(), which effected the ability to change an expired password: (SR: 8606160402 CR: JAGad29724) HP-UX is inconsistent with the PAM standard with respect to the return value for
2000 Oct 11
1
Expired passwords & PAM
Currently, OpenSSH prints the message: "Warning: You password has expired, please change it now" if the password has expired. It would be nice if the user could/had to change password before continuing, like with Linux console login. I've tried to make an patch, but it doesn't work. Ideas? --- auth-pam.c.org Wed Oct 11 18:03:43 2000 +++ auth-pam.c Wed Oct 11 18:03:44
2009 May 23
7
[Bug 1601] New: Memory leak caused by forwarded GSSAPI credential store
https://bugzilla.mindrot.org/show_bug.cgi?id=1601 Summary: Memory leak caused by forwarded GSSAPI credential store Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at
2009 Apr 01
3
[Bug 1582] New: memory leak in do_ssh2_kex() routine (sshd.c)
https://bugzilla.mindrot.org/show_bug.cgi?id=1582 Summary: memory leak in do_ssh2_kex() routine (sshd.c) Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy:
2009 Apr 02
17
[Bug 1583] New: User principal name in AIX
https://bugzilla.mindrot.org/show_bug.cgi?id=1583 Summary: User principal name in AIX Product: Portable OpenSSH Version: 5.2p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: unassigned-bugs at mindrot.org ReportedBy:
2012 Aug 10
11
[Bug 2032] New: Local user name in krb5_kuserok call
https://bugzilla.mindrot.org/show_bug.cgi?id=2032 Priority: P5 Bug ID: 2032 Assignee: unassigned-bugs at mindrot.org Summary: Local user name in krb5_kuserok call Severity: normal Classification: Unclassified OS: AIX Reporter: miguel.sanders at uniforce.be Hardware: PPC Status: NEW
2013 Oct 31
0
Older ssh clients can't connect to sshd (6.3p1) built using FIPS object module 2.0.5
Hi, ssh server: OpenSSH_6.3-FIPS, OpenSSL FIPS Object Module v2.0.5 ssh client: OpenSSH_5.3p1, OpenSSL FIPS Object Module v1.2 We have built and installed FIPS object module (v2.0.5) using http://www.openssl.org/source/openssl-fips-2.0.5.tar.gz Using this FIPS object module, we have build FIPS capable openssl as well. Note that we have "not" used ecp version (with binary curve
2005 Jun 08
1
Possible security flaw in OpenSSH and/or pam_krb5
openssh-unix-dev at mindrot.org kerberos at ncsa.uiuc.edu We believe there is a security flaw in either OpenSSH and/or RedHat's pam_krb5 module. When a Kerberos principal has the REQUIRES_PWCHANGE (+needchange) flag set, OpenSSH+pam_krb5 will still successfully authenticate the user. Local 'su' and 'login' fail in this case which leads us to believe it's at least
2004 Jan 15
2
What is print_pam_messages() used for ?
Hi, I was investigating why I don't see any warnings from pam_ldap indicating the pending expiration of passwords as well as for PAM_NEW_AUTHTOK_REQD. Eventually, I found that do_pam_account() does not have a conversation function. Also, there is a function print_pam_messages (currently empty) which look suspiciously like it is ear marked to show just those error messages: /* auth-pam.c
2015 Jan 28
3
[LLVMdev] [Mips][TargetOptions] How to properly instantiate TargetOptions in MC layer?
Hi Eric, The main thing we need to fix is that the selection between ELF32/ELF64 needs to depend on the ABI being N64 and not on whether we used a mips-linux-gnu triple versus a mips64-linux-gnu triple. So 'clang -target mips-linux-gnu' -mips64r2 -mabi=64' should produce an ELF64 and 'clang -target mips64-linux-gnu -mips32r2 -mabi=32' should produce an ELF32. In terms of code,
2009 May 03
10
[Bug 1595] New: Server option PrintLastLog does not work on AIX
https://bugzilla.mindrot.org/show_bug.cgi?id=1595 Summary: Server option PrintLastLog does not work on AIX Product: Portable OpenSSH Version: 5.2p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: