similar to: Trouble with -W

On 2015-11-26 13:33, Darren Tucker wrote: > On Thu, Nov 26, 2015 at 4:11 PM, Tinker <tinkr at openmailbox.org> wrote: >> The goal is to get a script invoked *at login time*, > > This part I follow, but having a script run is just a means to an end > not the end itself. What is the script going to do? > >> so that the authentication only is known to the client

On 2015-11-26 14:16, Darren Tucker wrote: > On Thu, Nov 26, 2015 at 4:49 PM, Tinker <tinkr at openmailbox.org> wrote: >> On 2015-11-26 13:33, Darren Tucker wrote: > [...] >>> What is the script going to do? > > You didn't answer this. Register the login to the group's login database. >> How would you do it using bsdauth? >> >> (PAM

Thread split from my previous communication. Here is the integrity logs on the platform. I had to cut this should due to the length of the logs (5Mb). ***************** failed-regress.log ************ trace: test integrity: hmac-sha1 @2900 FAIL: unexpected error mac hmac-sha1 at 2900: Bytes per second: sent 65665.7, received 55994.0. trace: test integrity: hmac-sha1 @2901 FAIL:

Thread split from my previous communication. Here is the key-commands logs on the platform. ***************** failed-regress.log ************ trace: AuthorizedKeysCommand with arguments FAIL: connect failed trace: AuthorizedKeysCommand without arguments FAIL: connect failed ***************** failed-ssh.log ************ trace: AuthorizedKeysCommand with arguments

On 23/04/2018 11:49, Michael Felt wrote: > On 21/04/2018 16:21, Michael Felt wrote: > > > Question: I have not dug into the tests yet. Will copy to a "local" > directory, and not build out of tree and see if that fixes it (as it > does for many other packages). However, just in case it does not - how > can I fast-forward the tests to the "agent" tests?

Hi, I've reported this problem a month ago on this list, and probably no-one is interested? Binaries were configured with krb4 and afs enabled. However, only the second crash seems to be related to krb4. Any thoughts? I had to add one line to includes.h: #include <sys/types.h> #include <sys/socket.h> #include <sys/ioctl.h> +#include <sys/ioccom.h> #include

On 2015-11-26 13:03, Darren Tucker wrote: > On Thu, Nov 26, 2015 at 3:41 PM, Tinker <tinkr at openmailbox.org> wrote: >> What I am looking for is an SSHD configuration where every >> successfully >> authenticated connection also guaranteedly will lead to a >> ForcedCommand >> invocation. > [...] >> Is this possible? > > I don't think

Hi, How to configure sshd to required both ssh public key and user password also? yes, stupid, but required on my setup.. -- Eero

We still have MD5 as our default password hash, even though known-hash attacks against MD5 are relatively easy these days. We've supported SHA256 and SHA512 for many years now, so how about making SHA512 the default instead of MD5, like on most Linux distributions? Index: etc/login.conf =================================================================== --- etc/login.conf (revision

I've seen that is possible to use switch port blocking with freeradius and cisco switches via 802.1X and EAP protocol. Here is more info: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO What if I don't have switch that supports 802.1X or I want that blocking is done by FreeBSD, not the switch. Because FreeBSD is the firewall or gateway to some networks. Is there

I figure some one here may find this interesting. I just begun work on allowing a smb home directory to be automounted upon login. -------------- next part -------------- A non-text attachment was scrubbed... Name: pam_exec.c.diff Type: text/x-patch Size: 213 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20070519/19e6bd01/pam_exec.c.bin

Login seems to be ignoring my /etc/login.access settings. I have the following entries (see below) in my login.access, yet any new user (not in the wheel group) is still allowed to login. What am I missing? # $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $ # -:ALL EXCEPT wheel:console -:ALL EXCEPT wheel:ALL Thanks, -- Scott Gerhardt, P.Geo. Gerhardt Information

Take the usual precautions when upgrading. Also note that I have changed some configuration defaults: the server no longer accepts protocol version 1 nor password authentication by default. If your ssh client does not support ssh protocol version 2 or keyboard-interactive authentication, the recommended measures are: 1) get a better client 2) get a better client (I mean it) 3) get a better

Lesley Kimmel <lesley.j.kimmel at gmail.com> writes: > So I probably shouldn't have said "arbitrary" script. What I really > want to do is to present a terms of service notice (/etc/issue). But I > also want to get the user to actually confirm (by typing 'y') that > they accept. If they try to exit or type anything other than 'y' they > will be

On Tue, Oct 20, 2015 at 01:31:46AM +0200, ?ngel Gonz?lez wrote: > On 16/10/15 12:46, hubert depesz lubaczewski wrote: > >On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > >>> if the intermediary machine (the "jumphost") is jumphost.example, and > >>> you are trying to reach bar.example.com (which is behind the firewall), >

Nico Kadel-Garcia <nkadel at gmail.com> writes: > Dag-Erling Sm?rgrav <des at des.no> writes: > > Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have > > X11Forwarding enabled by default. > I'm not sure I see your point. With X11Forwarding off by default, one would assume that it is only enabled on a case-by-case basis for users or groups who

Nico Kadel-Garcia <nkadel at gmail.com> writes: > Dag-Erling Sm?rgrav <des at des.no> writes: > > It is relatively trivial to write a PAM module to do that. > Which will have the relevant configuration overwritten and disabled > the next time you run "authconfig" on Red Hat based sysems. I'm not > sure if this occurs with other systems, but tuning PAM is

Hello, I am interested in an ssh that is not interactive in requesting the password, i.e, whereas I can specify the password in the command line when calling SSH. I have wondered how such a feature has not been included in such a good client, as it seems there are many (and I have searched for this) people require this capability for their scripts/automation. I understand the possibility of

Cf. http://seclists.org/fulldisclosure/2008/Jul/0090.html This Mrdkaaa character claims to have exploited this, but does not say how. The issue is that if do_pam_account() fails, do_authloop() will call packet_disconnect() with loginmsg as the format string (classic printf(foo) instead of printf("%s", foo) bug). The stuff that do_authloop() appends to loginmsg is harmless (the user

Nico Kadel-Garcia <nkadel at gmail.com> writes: > I'm just trying to figure out under what normal circumstances a > connection with X11 forwarding enabled wouldn't be owned by a user who > already has normal system privileges for ssh, sftp, and scp access. Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have X11Forwarding enabled by default. DES --