similar to: checkpassword protocol

Dear dovecot maintainers: I'm using SSL client certificates together with a checkpassword scripts to authenticate our users. My problem is: In the checkpassword script the AUTH_USER environment variable will either contain the username that was configured in the mailclient (if auth_ssl_username_from_cert=false) or the username from the certificate (if auth_ssl_username_from_cert=true). I

Dear Dovecot experts, we have unusual authentication requirements, namely: - almost all of our user are using a smartcard to connect with our mailserver. Thunderbird is our friend here as it will use the smartcard as an additional certificate store and Thunderbird will do client certificate based authentication when connecting via SSL with a mailserver - there's no way (at least that I know

Dear readers we are using Dovecot 2.2.7 and all of our users are using Thunderbird as their mail client. Some of them additionally use their iPad/iPhone and a very few an Android Mail-Client. Now one user noticed that two of his mail folders disappeared. He first believed that he accidentally deleted those folders but then he realized that they are still visible from his iPad. I checked this

https://bugzilla.samba.org/show_bug.cgi?id=13496 Bug ID: 13496 Summary: lseek returned -1, not 2147483648: Invalid argument (22) Product: rsync Version: 3.1.2 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: core Assignee:

Hi I'm trying to use dovecot with client certificates. We produce our certificates with our on CA and we do NOT use certificate revocation lists. So I put "ssl_require_crl = no" into 10-ssl.conf. I did not find a solution neither in the wiki nor somewhere else, so I finally started to read the source. My impression is that openssl will always try to use CRLs. If

Dear dovecot experts: We are using client certificates to authenthicate against a Dovecot server. Our certificates contain a x500UniqueIdentifier. I'm absolutely sure that the value of the x500UniqueIdentifier was stored into the AUTH_USER when I tested my setup last year. This has somehow changed and now AUTH_USER always contains the username. This has fatal consequences as now every owner

Hi everybody, I'm using SSL client certificates or checkpassword scripts to authenticate our users. If a user sent a client certificate from his smartcard my checkpasswort will ignore the password, if he does not sent a client certificate but uses his OTP-token then my checkwassword script will check wether the password is a correct one time password. My problem is: the AUTH_USER variable

On 12/02/15 18:42, soonerdave wrote: > I'll certainly give that a try this evening, Rowland. Thank you for the > suggestion and review. > > What concerns me about the wbinfo issue on the existing PDC is that there's > really no rationale for it *not* to work. Almost makes me wonder if there's > some red herring at hand, a mismatched library (granted the failure would

A while back, I sent in a patch that added Digital Unix SIA authentication to OpenSSH. Well, I just figured out that it didn't handle everything correctly (locked accounts could still log in). I thought I had checked that, but I guess I missed it. Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this. -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator

Hi, as it turned out on the Cygwin mailing list, the special handling of empty password in auth-passwd.c when running under Windows NT results in problems. Cause: The authentication methode "none" calls auth_password() with an empty password. A piece of HAVE_CYGWIN code allows empty passwords even if PermitEmptyPasswords is set to "no". This in turn results in calling

BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's authentication library. However, BSDI's patches have several problems: 1. They don't run the approval phase, so they can allow users to login who aren't supposed to be able to. 2. They don't patch configure to automatically detect the BSDI auth system, so they're not ready to use in a general portable

Greetings, When PasswordAuthentication no + PermitEmptyPasswords yes SSH2 allows access to a passwordless account without a valid key. This is my patch: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ wormhole# diff -u auth2-none.c.old auth2-none.c --- auth2-none.c.old Thu Jul 17 06:23:24 2003 +++ auth2-none.c Thu Jul 17 06:44:42 2003 @@ -100,7 +100,9 @@ if (check_nt_auth(1,

When comparing SSH 1.2.27 with OpenSSH 2.5.1 I see that the SecurID code/patch is not in OpenSSH 2.5.1. I'm not sure how or why that happened. Upon looking through the OpenSSH 2.5.1 source, I think I could fairly easily provide a 'SecurID Authentication Method' patch (which would rely on -DHAVE_SECURID, -I/blah/securid/include, and -L/blah/securid/lib... /blah/securid being a

I'm experimenting with checkpassword as an auth method for usedb and passdb (http://wiki2.dovecot.org/AuthDatabase/CheckPassword). I've set up the userdb and passdb *exactly* as the wiki suggests as the "standard way": passdb { driver = checkpassword args = /user/util/bin/checkpassword } userdb { driver = prefetch } I've created a checkpassword program that does

Hi All, While testing another patch, I found that I could not longer log in as root, even if PermitRootLogin was yes. It seems to be the following code in auth_password: $ cvs diff -r1.48 -r1.49 auth-passwd.c [snip] #ifndef HAVE_CYGWIN - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + if (pw->pw_uid == 0 && options.permit_root_login !=

Not to be grumpy, but I've posted a dozen or more message to this list in the past week about what I think might be relatively common/easy issues and have had zero response except from Rick Romero who is trying, but hasn't actually done what I need himself. I'm sure someone has. Perhaps these problem are too mundane compared to CalDAV, sieve filtering and IPA to excite List interest?

I tried adding wwww to my dial string... It appears to not made any differnece. I see by watching show channels that the w's are there in the dial. I have this box connected to bell south down in georgia. I have an identical box connected in indiana. The box in indiana works fine when dialing out. When in GA dialout is getting "you must first dial a 1 to place this call". show

Just wondering if anyone has tried to compile icecast on a SGI machine running irix 6.5.14 or the like. I tried w/ a bunch of differnet compiler options, (using gcc for the compiler) just to get a myriad of errors. Thanks, Jeff Utter <p><p><p>--- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this

I am trying to migrate samba from a box with Mandrake 10.1 with Samba 3.0.10 to a new box running CentOS 5.2 with Samba 3.0.28. The two versions of samba are too differnet to simply copy the config and tdb files over to the new box and the Mandrake box won't upgrade past 3.0.10. I could really use some suggestions. Thanks Greg

Hello I have few questions about openssh... 1/ there is probably bug in auth-password.c in auth_password function if (pw->pw_uid == 0 && options.permit_root_login == 2) return 0; if (*password == '\0' && options.permit_empty_passwd == 0) return 0; /* deny if no user. */ if (pw == NULL) <----------- this should be first checked .... return 0; 2/ do I have