similar to: Where to implement user limit settings ?

Displaying 20 results from an estimated 700 matches similar to: "Where to implement user limit settings ?"

2002 Sep 04
2
uid transition and post-auth privsep (WAS Re: possible fundamental problem with tru64 patch) (fwd)
What do we loose by not having post-auth privsep? What code is executed between authorization and actual setting of the effective uid? On Tue, 3 Sep 2002, Chris Adams wrote: > Once upon a time, Toni L. Harbaugh-Blackford <harbaugh at nciaxp.ncifcrf.gov> said: > > It appears that the integration of the sia session setup will either > > have to be rethought or abandoned
2002 Jun 25
1
PrivSep and AIX 4.3.2
With 3.3p1 built on AIX 4.3.2: $ ssh [blah] Couldn't set usrinfo: Not owner debug1: Calling cleanup 0x20019080(0x200219a0) debug3: mm_request_send entering: type 27 debug1: Calling cleanup 0x20018dd4(0x0) Connection to songohan closed by remote host. Connection to songohan closed. Output from sshd -d -d -d: ... debug3: tty_parse_modes: 92 0 debug3: tty_parse_modes: 93 0
2001 May 01
1
Problem with .hushlogin in Tru64 UNIX 4.0e
I have tried this with openssh-2.5.2p2 and openssh-SNAP-20010501. I have noticed that with a .hushlogin file in my home directory I still get messages. With the .hushlogin file I get these messages: Last successful login for ricardo: Tue May 1 08:06:00 2001 from blah.mnsu.edu Last unsuccessful login for ricardo: Tue May 1 08:05:21 2001 from blah.mnsu.edu Without the .hushlogin file I get
2002 Nov 05
2
[PATCH] Add a chroot_users option to sshd
This patch adds a new option to sshd, chroot_users. It has the effect of chroot()ing incoming ssh users to their home directory. Note: this option does not work if UsePrivilegeSeparation is enabled. Patch is based on OpenSSH 3.4p1. *** servconf.h@@\main\1 Tue Oct 1 17:25:32 2002 --- servconf.h Wed Oct 2 06:17:48 2002 *************** *** 131,136 **** --- 131,137 ---- char
2001 Mar 20
1
Tru64 UNIX SIA in 2.5.2p1 is hosed
Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I haven't been able to figure out what changed in the code, but the symptom seems to be that the TTY name being registered with SIA is truncated to eight characters. This apparently prevents it from matching with entries in the tty database, and the dreaded "Cannot obtain database information on this terminal
2002 Aug 11
4
OSF/1 or Tru64 patch for Privsep
Either this never made it to the list or no one cares about Tru64. This is the last time I'll send this patch to the list. If no one steps up and finishes it or provides me with enough information to fix any remaining bugs (one being complaint that 'ssh site cmd' does not work right). If there is no activity on this for a week. I'll post it to bugzilla and will ignore any
2001 Apr 13
0
Fixed patch for Digital Unix SIA
Okay, here is a fixed version of the patch I sent before for fixing the problems I know about with Digital Unix SIA: displaying too much info (MOTD, last login, etc.) when access is denied, and the loss of the error message sometimes when access is denied. It does break some code out of do_login into a couple of separate functions. I did this to avoid duplicating the code in a couple of places.
2002 Sep 11
1
tru64 sia: move call of session_setup_sia() to do_setusercontext(), letting grantpty() and friends handle pty perms
Hi- Under privsep, I experimented with moving the session_setup_sia() out of do_child() and into do_setusercontext(), which is where the uids/gids are set to the final execution user. The call is made with a NULL tty, and this is functional provided that any later pty allocation uses grantpty() to set the device permissions. Logging in with this method shows that a utmp entry does get made for
2001 Nov 15
1
Solaris 2.6: acomp failed for session.c
Re: openssh-2.9.9p2 versus Solaris 2.6, Forte C version 6upd2 The compiler treated the call to do_pre_login in session.c line 581 as a prototype, warned of inconsistency with the function definition starting line 628: "session.c", line 628: identifier redeclared: do_pre_login current : static function(pointer to struct Session {[struct definition suppressed]}) returning void
2002 Apr 22
0
[Bug 101] session.c modifications for correct UNICOS behavior
http://bugzilla.mindrot.org/show_bug.cgi?id=101 ------- Additional Comments From wendyp at cray.com 2002-04-23 08:43 ------- updated patches for 22 april snapshot: --- session.c.orig Mon Apr 22 14:36:13 2002 +++ session.c Mon Apr 22 16:31:15 2002 @@ -64,6 +64,10 @@ #define is_winnt (GetVersion() < 0x80000000) #endif +#ifdef _CRAY +#include <tmpdir.h> +#endif /*
2001 Oct 23
1
Compilation error on Solaris Workshop 6 (+patch)
Hi! At compilation of the openssh-2.9.9p2 with Solaris WorkShop 6.01 the following compilation error was given out. /opt/SUNWspro/bin/cc -Xa -xF -xCC -xildoff -xarch=v9 -xchip=ultra -dalign -I/usr/include/v9 -D_REENTRANT -xO2 -I. -I. -I/usr/local/include -DETCDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
2001 Aug 07
1
do_pre_login() used before declared
do_pre_login() in session.c is used (in do_exec_pty()) before it's declared, which is causing some problems for me. please move it up a couple hundred lines in the file. patch included for 0807 snapshot. thanks, wendy % diff -u session.c.orig session.c.mod --- session.c.orig Tue Aug 7 13:11:51 2001 +++ session.c.mod Tue Aug 7 16:21:07 2001 @@ -397,6 +397,34 @@ } }
2003 Feb 27
0
Update for Tru64 Unix
Here is a long-overdue (sorry about that) patch for Tru64. It is pretty minor mostly (minor formatting and removal of a couple of unneeded calls), and it disables post-auth privsep (so that OpenSSH will work "out of the box" on Tru64, avoiding the many questions). I'm also looking at getting setproctitle working. For Tru64 4.x, it isn't a big deal (normal PS_USE_CLOBBER_ARGV
2001 Mar 21
1
Tru64 UNIX SIA in 2.5.2p1 is hosed (still)
The recent patch posted by Steve VanDevender <stevev at darkwing.uoregon.edu> for fixing the session code on Tru64 isn't quite right -- it still fails in the case of NO tty being allocated. The problem is that s->tty is a char[TTYSZ] rather than a char *, and hence can't hold a NULL. Calling sia_ses_init() with the tty being an empty string doesn't signify no tty, and
2001 Feb 13
4
cvs bulid breaks on slackware
cvs code from this morning (about 9am PST) breaks on slackware 7.1 w/ gcc 2.95.2.1 with an undefined reference to session_setup_sia in session.o. this seems to be the culprit here: #ifdef HAVE_OSF_SIA #else /* HAVE_OSF_SIA */ session_setup_sia(pw->pw_name, ttyname); since i have no idea what that's trying to accomplish (and seems to be a bit backwards to me from looking
2002 Jun 29
0
Privsep for osf/1 .. still need a bit of help
This privsepifies OSF/1 SIA, but I'm still being told the same error occurs. I'm stumped. Without an OSF/1 box near me I can't do too much more help unless someone can either tell me what is wrong or show me why SIA is failing in their logs. (And tell me if it's different w/ or w/out this patch) - Ben Index: auth-sia.c
2004 Sep 06
0
OpenSSH 3.9p1 bug, .hushlogin is ignored
Hello Darren! Hello OpenSSH (portable) users! After updating from OpenSSH 3.8.1p1 to OpenSSH 3.9p1 on my Fedora Core 2 Linux box, the "sshd" no longer respects "~/.hushlogin" to get a quiet and silent login. Now I get the noisy "Last login: somedate from somehost" line. I really loved that feature. ;-) The problem is related to a change in "session.c",
2002 Aug 01
0
Tru64 and OSF/1 Privsep patch
Ok.. I need wider testing for this. I'm getting reports back it works mostly. 'ssh site ls' fails, but they can login with Privsep enbled. Can I get those who are using Tru64 or OSF/1 that have SIA enabled to test? This should apple to either -cvs or the current snapshot (I would perfer not to use 3.4p1 due to bugs). I'm going on a trip next week and will be around very spotty
2002 Jun 28
0
Newer OSF patch.
It still is not right, but thanks to Steve we have gotten this far.. The issue seems to be here: debug3: entering: type 26 debug3: entering debug1: session_new: init debug1: session_new: session 0 debug3: entering: type 26 : sendmsg(12): Invalid argument debug1: Calling cleanup 0x1200365c0(0x14000d9d8) debug1: session_pty_cleanup: session 0 release /dev/ttyp4 debug1: Calling cleanup
2004 Aug 23
8
[Bug 918] ssh_gssapi_storecreds called to late to be usable by PAM in sesion.c
http://bugzilla.mindrot.org/show_bug.cgi?id=918 Summary: ssh_gssapi_storecreds called to late to be usable by PAM in sesion.c Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: