Displaying 20 results from an estimated 1000 matches similar to: "[Bug 2380] New: [PATCH] Optionally allow pam_setcred to override gid"
1999 Dec 28
0
Patches to report rsaref build and to call pam_setcred
I've attached two patches. The first just changes the output of "ssh -V"
to print that it was built against rsaref if libRSAglue (which is built
as part of openssl only when it is built against rsaref) is present at
build-time. The second adds appropriate calls to pam_setcred() in sshd.
Without them, our systems can't access AFS because the PAM modules only
get tokens at a
2004 May 18
2
pam_setcred fails for "USE_POSIX_THREADS + non-root users + PrivSep yes"
Hello,
We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a
non-root user with PAM [pam-kerberos] then I get the following error.
debug3: PAM: opening session
debug1: PAM: reinitializing credentials
PAM: pam_setcred(): Failure setting user credentials
This is particularly for non-root users with PrivSep YES. When I connect to
a root user with PrivSep YES or to a non-root
2016 Mar 07
2
[Bug 2549] New: [PATCH] Allow PAM conversation for pam_setcred for keyboard-interactive authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2549
Bug ID: 2549
Summary: [PATCH] Allow PAM conversation for pam_setcred for
keyboard-interactive authentication
Product: Portable OpenSSH
Version: 7.1p2
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
2001 Sep 06
1
lastlog on Solaris with PAM (patch included)
On Solaris, the pam_unix module includes a pam_session which updates the
lastlog file. Since OpenSSH calls pam_session before reading the lastlog
file, SSH logins to systems with this configuration (as well as similar
ones, I'd imagine) report the last login time and remote host as the values
from the current session.
My solution to this problem is to call pam_open_session in the child,
2002 Oct 21
0
[Bug 419] New: HP-UX PAM problems with 3.5p1
http://bugzilla.mindrot.org/show_bug.cgi?id=419
Summary: HP-UX PAM problems with 3.5p1
Product: Portable OpenSSH
Version: -current
Platform: HPPA
OS/Version: HP-UX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy:
2001 Aug 28
1
OpenSSHd barfs upon reauthentication: PAM, Solaris 8
We've been having trouble with OpenSSH 2.9p2, running on Solaris 8
(a domain of an E10k), with PAM authentication turned on. It
intermittently crashes with signal 11 (seg fault) after the password
is entered, after the MOTD is displayed, but before control is passed
over to the login shell. I eventually managed to persuade sshd's child
process to consistently crash, upon entry of an
2004 Jan 14
18
[Bug 789] pam_setcred() not being called as root
http://bugzilla.mindrot.org/show_bug.cgi?id=789
Summary: pam_setcred() not being called as root
Product: Portable OpenSSH
Version: 3.7.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2004 Jan 14
18
[Bug 789] pam_setcred() not being called as root
http://bugzilla.mindrot.org/show_bug.cgi?id=789
Summary: pam_setcred() not being called as root
Product: Portable OpenSSH
Version: 3.7.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2002 Mar 26
0
[Bug 189] New: pam_setcred() failures should not be treated as fatal
http://bugzilla.mindrot.org/show_bug.cgi?id=189
Summary: pam_setcred() failures should not be treated as fatal
Product: Portable OpenSSH
Version: 3.1p1
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2015 May 14
1
[Bug 2399] New: openssh server should fatal out when pam_setcred and pam_open_session fail
https://bugzilla.mindrot.org/show_bug.cgi?id=2399
Bug ID: 2399
Summary: openssh server should fatal out when pam_setcred and
pam_open_session fail
Product: Portable OpenSSH
Version: 6.8p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: normal
Priority: P5
2002 Jun 26
3
pam session as root
Beyond any more general questions of whether pam sessions *should* be
run as root, is there an immediate security concern with moving the
pam_open_session (and pam_setcred) stuff to the parent (root) process?
(E.g., via the patch below.)
--
Mike Stone
diff -u -r1.4 auth-pam.c
--- auth-pam.c 25 Jun 2002 00:45:33 -0000 1.4
+++ auth-pam.c 25 Jun 2002 20:33:41 -0000
@@ -286,6 +286,8 @@
2003 Sep 22
1
[Bug 698] fixed bug in calling pam_setcred
http://bugzilla.mindrot.org/show_bug.cgi?id=698
Summary: fixed bug in calling pam_setcred
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: postadal
2006 May 09
0
auth: pam_setcred() failed: Error in service module
Hi,
I have a strange problem with authentication. Some users can
successfully authenticate and some users can not authenticate.
All users use the same client (thunderbird-1.5.0.2-win32-de).
At the problematic users i get the following error message:
============ snip ===================
auth(default): client in: AUTH 8 PLAIN service=IMAP secured lip=10.24.1.6 rip=10.211.11.1
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
Hi All.
Attached is a patch that implements password expiry with PAM and
privsep. It works by passing a descriptor to the tty to the monitor,
which sets up a child with that tty as stdin/stdout/stderr, then runs
chauthtok(). No setuid helpers.
I used some parts of Michael Steffens' patch (bugid #423) to make it
work on HP-UX.
It's still rough but it works. Tested on Solaris 8 and
2003 Jun 04
3
pam_setcred() without pam_authenticate()?
Should pam_setcred() be called if pam_authenticate() wasn't called?
I would say not; both of these functions are in the authenticate
part of pam.
It seems the the 'auth' part of pam config controls which modules get
called, so if you didn't to _authenticate() you shouldn't do _setcred().
thx
/fc
2005 May 22
3
[Bug 926] pam_session_close called as user or not at all
http://bugzilla.mindrot.org/show_bug.cgi?id=926
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO|994 |
nThis| |
------- Additional Comments From dtucker at zip.com.au 2005-05-22 11:03 -------
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes
PAM authentication take place in a separate process or thread
(launched from sshpam_init_ctx() in auth-pam.c). By default (if you
don't define USE_POSIX_THREADS) the code "fork"s a separate process.
Or if you define USE_POSIX_THREADS it will create a new thread (a
second one, in addition to the primary thread).
The
2002 Apr 01
2
[Bug 189] pam_setcred() failures should not be treated as fatal
http://bugzilla.mindrot.org/show_bug.cgi?id=189
------- Additional Comments From stevesk at pobox.com 2002-04-01 17:49 -------
why should pam_setcred() failures not be treated as fatal?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2009 Jun 29
2
configure dovecot to invoke pam_setcred() from the same process that accesses ~/Maildir?
Hello. I'm wondering how one would go about configuring dovecot to
invoke pam_setcred() from the same process as (or a parent process of)
the process which eventually reads the user's mail off the disk. This
is required for pam modules that set kernel-level credentials which
are later used to access the user's mail files.
In particular, I'm trying to use dovecot with pam_krb5
2002 Apr 26
0
[Bug 228] New: pam_krb5 on Solaris creates credentials with wrong owner
http://bugzilla.mindrot.org/show_bug.cgi?id=228
Summary: pam_krb5 on Solaris creates credentials with wrong owner
Product: Portable OpenSSH
Version: 3.1p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org