similar to: pam_krb5 and xdm

First time poster so be kind :) I was looking at the pam_krb5.c code and noticed that for authentication to succeed getpwnam() has to succeed. Previously I had setup a web site using mod_auth_pam to authenticate against an active directory (AD) server using a pam config like: # auth auth required pam_krb5.so no_ccache no_warn # account account required

I have set up LDAP/KRB5 access to my active directory network. If I do a getent passwd, I see the users with a unix UID/GID. If use kinit, I can get a token. If I su to a user, it creates a home folder, and shows correct IDs etc. However the machine will not log in via ssh or the GUI. In secure I see: Oct 27 11:14:55 rhelads sshd[4190]: pam_krb5[4190]: ccache dir: /tmp Oct 27 11:14:55 rhelads

I having been trouble by this for a few days now and was wondering if anyone else has had any luck with this? I am currently running Samba 2.2.6pre2 on FreeBSD 4.7-RELEASE I have successfully set up samba to be the PDC I am unsuccessfully trying to change the passwords on the W2k box and I am recieving the error that the user name/password are incorrect make sure the caps lock is not on. When I

Hello, Prequalify: I'm quite a novice w/ Kerberos, so my terminology and assumptions may be rough. Also, please CC me since I'm not a list subscriber. I'm running a fairly recent -STABLE [1] and have installed the base Heimdal Kerberos implementation via the MAKE_KERBEROS5 knob in /etc/make.conf. I'm having the problem that I don't see a cached credential file being created

openssh-unix-dev at mindrot.org kerberos at ncsa.uiuc.edu We believe there is a security flaw in either OpenSSH and/or RedHat's pam_krb5 module. When a Kerberos principal has the REQUIRES_PWCHANGE (+needchange) flag set, OpenSSH+pam_krb5 will still successfully authenticate the user. Local 'su' and 'login' fail in this case which leads us to believe it's at least

xdm is a basic X11 display manager and GUI login screen. This release fixes a failure to build with the upcoming gcc 14, cleans up several other compiler warnings, fixes a bug in the generation of the xdm.service file for systemd, and removes a lot of dead code checks for platforms & features that have not been supported since the conversion from Imake to autoconf in 2005. Alan Coopersmith

xdm is the classic X11 Display Manager, using the Athena Widgets toolkit. While it lacks in support for accessibility, internationalization, or other modern features, it is still used in some sites for historical reasons. This release collects 7 years worth of bug fixes and code cleanups, including the fix for CVE-2013-2179 that was previously distributed as a patch against the prior release.

Adam Jackson (1): xdm 1.1.8 Jeremy Huddleston (2): Added include of pwd.h so we build correctly on OS-X - see xorg mailing list Build fix for case-insensitive file systems Julien Cristau (3): Fix installation of app-defaults Fix build with builddir != srcdir $(builddir) is the current directory Matthieu Herrb (1): README: nuke RCS Id Samuel Thibault

Adam Jackson (2): Fix distcheck. xdm 1.1.7 Alan Coopersmith (2): Restore #endif accidentally removed in d0d4581be22aba9021c5a672bd9e5ba719961e29 Debian bug #440389: 800x600 settings got lost, screen now too wide Jeremy Huddleston (1): Darwin doesn't need __DARWIN__ anymore. git tag: xdm-1.1.7 http://xorg.freedesktop.org/archive/individual/app/xdm-1.1.7.tar.bz2

Hi, I have a box running with samba 2.2.7 and winbind (nmbd and winbindd in use) to allow users of the local NT domain to login. The config files for PAM and /etc/nsswitch.conf have been configured correctly so logins are now possible using the local console (login), ssh, xdm and su. Almost everything works fine - everything but the time that is needed for the login process of an NT user to

Alon, I should have provided more background. You are assuming that I could perform the PKINIT prior to connecting to the SSH server. In this case (and others) there is an interest in not exposing the kerberos servers to the world and thus someone connecting remotely would not be able to obtain a TGT or do a PKINIT. The goal would be for SSH to handle all the auth and only after connecting to

Hi everyone, every comment about this: http://xforce.iss.net/xforce/xfdb/16264 Didn't find any hint or patch on http://www.xfree86.org/security/. Best regards Konrad Heuer (kheuer2@gwdg.de) ____ ___ _______ GWDG / __/______ ___ / _ )/ __/ _ \ Am Fassberg / _// __/ -_) -_) _ |\ \/ // / 37077 Goettingen /_/ /_/

I would like to change background color for xdm, is there any parameter which I should change? I tried to change *Background and xlogin*background in /etc/X11/xdm/Xresources but did not success. --beast

We have recently upgraded to : samba-3.0.21 openssl-0.9.7g krb5-1.4.3 openldap-2.3.11 db-4.4.16 cyrus-sasl-2.1.21 m4-1.4.4flex-2.5.31 autoconf-2.59 libiconv-1.9.1 gcc-3.4.2 bison-2.1 automake-1.9 libtool-1.5.22 and have got samba authenticating against our 2003 AD servers, however we now discovered that someone has setup xdm to use pam authentication to the old NT4 domain using xdm.pam and

Alon, On 12/18/2018 06:52 PM, Alon Bar-Lev wrote: > OK... So you have an issue... > > First, you need to delegate your smartcard to remote machine, probably > using unix socket redirection managed by openssh. This can be done in > many levels... > 1. Delegate USB device, this will enable only exclusive usage of the > smartcard by remote machine. > 2. Delegate PC/SC, this

Hi, Just writing here my note about auth_default_realm, pam_krb5 and gssapi. It seems that 'pam' passdb and 'gssapi' auth_mechanism doesn't honor 'auth_default_realm' setting, at least in several setups I deal with. Here is a part of the config: passdb { args = max_requests=100 cache_key=%u%r dovecot driver = pam } auth_default_realm = REALM.COM

Hi all, I am just after some opinions about the pros and cons of winbind compared to the 'standard' kerberos and ldap methods. I've have already got single sign on working with pam_krb5 and nss_ldap (using SASL/GSSAPI) against SBS 2003 (with MSSFU 3.0) using Debian Sarge as clients/'member servers', and integration of Samba is the next bit I'm looking at. The impressions

Hello list, I'd like to share with you my experience with Samba4 AD-DC and Mac OSX Mountain Lion 10.8.4 joining it to the domain and using kerberos implementation on OSX to authenticate users against the AD. Maybe it's useful to anyone here My scenario: My domain controller is on a remote location and I've got my router (Mikrotik) setup to create a PPTP tunnel to the w2k8 server

http://bugzilla.mindrot.org/show_bug.cgi?id=127 Summary: PAM with ssh authentication and pam_krb5 doesn't work properly Product: Portable OpenSSH Version: 3.0.2p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

with the following pam.conf entries, after being prompted for a login password the connection is closed: other auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass the system logs the error: sshd[4215]: fatal: input_userauth_info_response_pam: no authentication context if the pam.conf entry is changed to the