Displaying 20 results from an estimated 1000 matches similar to: "[Bug 2475] New: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled"
2004 Jan 29
10
Back to 3.0.1, Winbind and Solaris 9
I've gone back to 3.0.1 to try and get winbind to work with my Solaris 9
machine and NT4 domain. Everything works except user authentication. The
wbinfo and getent commands do what they are supposed to.
I've included a truss of 'su - ganguly'
According to pamlog, the user 'ganguly' has been granted access but it is
still hanging.
How do I do a truss of a telnet login?
2008 Feb 22
3
Winbind 3.0.26a cannot authenticate with ActiveDirectory
I am using Ubuntu Gutsy, which comes with Winbind 3.0.26a. I am using the
same configuration that worked on Ubuntu Feisty, which uses Winbind 3.0.24.
Something changed with Winbind, apparently, to break the configuration that
was working perfectly. How can I fix my configuration to work with the new
version?
The symptoms are as follows:
wbinfo -t works
wbinfo can retrieve a list of users
wbinfo
2009 Mar 13
1
PAM_WINBIND problem with sambaPwdMustChange
Hi People!
I use pam_winbind for authentication in my computer workstation using
Debian Lenny 5.0, Stable Version.
I configure my user with this option "sambaPwdMustChange: 0", and I
logon in GDM without asking to change password. Who knows what can be?
I use Samba PDC with Heimdal Kerberos, but, I configure PAM with only
pam_winbind for tests...
Client versions:
ii
2003 Jul 10
1
OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes (followup)
Greetings,
Problem : Openssh3.6.1p2 on UnixWare 7.1.1 allows access to passwordless
account without a valid key when sshd_config has PasswordAuthentication no
+ PermitEmptyPasswords yes
Attempts:
Installed maintence pack3 and recompiled both OpenSSH and OpenSSL (0.9.7b)
with native c compiler.
Recompiled both OpenSSH and OpenSSL (0.9.7b) with gcc (2.95.2).
Still the same problem.
Looking at
2003 Jul 10
1
OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes
Greetings,
I recently discovered a problem with OpenSSH 3.6.1p2 and UnixWare 7.1.1
(as well as OpenServer 5.0.X and SCO 3.2v4.2)
When I set up sshd_config as follows:
PasswordAuthentication no
PermitEmptyPasswords yes
and try to connect to a password less account ( I know its a F*up, but
that's the application ID10Ts .... ) I can get in using the SSH2 version
without a valid key, the
2002 Mar 26
2
SSH / PAM / Kerberos / password aging
Ok, so, things are complicated.
The PAM standard insists on password aging being done after account
authorization, which comes after user authentication. Kerberos can't
authenticate users whose passwords are expired.
So PAM_KRB5 implementations tend to return PAM_SUCCESS from
pam_krb5:pam_sm_authenticate() and arrange for pam_krb5:pam_sm_acct_mgmt()
to return PAM_NEW_AUTHTOK_REQD, as
2006 Jun 29
1
3.0.23rc3 pam_winbind error
Hi
3.0.23rc3 pam_winbind on SLES9/i386 with the provided RPMs doesn't work:
PAM unable to resolve symbol: pam_sm_authenticate
PAM unable to resolve symbol: pam_sm_setcred
Is this a compile problem ? SLES9 specific ?
I am trying to setup the cool Kerberos integration that Samba can do for
Linux. Can anyone point me to docs about that ?
Thanks,
Schlomo
2018 Jul 24
2
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
I did re-read the whole thread again.
Im running out of options..
When i look at :
https://wiki.samba.org/index.php/PAM_Offline_Authentication
You can do these last checks.
Run the : Testing offline authentication as show on the wiki.
Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it.
Check if these packages are installed.
2000 Dec 27
5
PAM configuration
To stem the tide of support requests from people who don't read the
INSTALL file when installing OpenSSH and then complain about password
auth failing. I am considering the idea of automagically installing a
PAM file into /etc/pam.d if it exists, PAM support is enabled and no
such file already exists.
I have a couple of questions:
- How is PAM controlled on Solaris? Is there a pam.d
2020 May 03
10
[Bug 3157] New: known_hosts @cert-authority with legacy plain key entry drops incorrect set of HostKeyAlgorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=3157
Bug ID: 3157
Summary: known_hosts @cert-authority with legacy plain key
entry drops incorrect set of HostKeyAlgorithms
Product: Portable OpenSSH
Version: 8.1p1
Hardware: All
OS: Mac OS X
Status: NEW
Severity: normal
Priority:
2001 Aug 28
1
OpenSSHd barfs upon reauthentication: PAM, Solaris 8
We've been having trouble with OpenSSH 2.9p2, running on Solaris 8
(a domain of an E10k), with PAM authentication turned on. It
intermittently crashes with signal 11 (seg fault) after the password
is entered, after the MOTD is displayed, but before control is passed
over to the login shell. I eventually managed to persuade sshd's child
process to consistently crash, upon entry of an
2003 Mar 06
1
OSX & Authentication
Hi,
Taking a stab at getting OSX Server 10.2.4 running Dovecot -- with a
minor tweak of replacing lchown() with chown() in the
src/lib/sakfe-mkdir.c, it compiled and installed without any problems.
However, oddness in authentication. It works once, but only once. I'm
trying to use pam and have the following:
auth required pam_securityserver.so
auth sufficient
2020 Jul 28
2
kerberos ticket on login problem
I'm experimenting with smb + winbind.
My host is joined to AD and I can login to my host fine using my AD
credentials via SSH.?? The only issue is that I don't get a Kerberos
ticket generated.
In /etc/security/pam_winbind.conf I have:
krb5_auth = yes
krb5_ccache_type = KEYRING
In /etc/krb5.conf, I also have:
default_ccache_name = KEYRING:persistent:%{uid}
Using wbinfo -K jas, then
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>> >Could we please have a clarification on the semantics of
>> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS?
>>
>> My interpretation is:
>>
>> You call PAM_ESTABLISH_CRED to create them
>> You call PAM_REINITIALIZE_CRED to update creds that can expire over time,
>> for example a kerberos ticket.
Oops. I meant
2003 Jul 04
1
Is it sombody who has a working pam.conf for Solaris 9 ?
Hi,
I am trying to setup PAM for telnet on my solaris 9 box and the pam_winbind
grant me access but I recieve a acount failure:
Jul 4 13:29:59 clusterix1 pam_winbind[9688]: user 'patrikg' granted acces
Jul 4 13:29:59 clusterix1 login[9688]: login account failure: Permission denied
The values in pam.conf for winbind is:
login auth required /usr/lib/security/pam_winbind.so
other
2002 Jan 29
21
locked account accessable via pubkey auth
maybe this is a silly question ;-) But why is it possible to login on a
machine with a locked account (passwd -l ) via pubkey-authentication
(authorized_keys) ?
I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not
happen.
If this is the normal behaviour and built in intentionally what would be the
easiest way to lock an account without deleting the users authorized_keys ?
2007 Dec 05
1
AD returns only one group for all users
Dear list,
I'm trying to get a Thumper (Sun Fire X4500) to play nice with AD so
that we can offer a nearline storage service. Since many of our users
will have multiple group memberships, it's imperative that samba be able
to recurse through the groups that a user is a member of to determine if
they have access to a resource.
What happens instead is that every user who authenticates is
2005 Jun 08
1
Possible security flaw in OpenSSH and/or pam_krb5
openssh-unix-dev at mindrot.org
kerberos at ncsa.uiuc.edu
We believe there is a security flaw in either OpenSSH and/or RedHat's pam_krb5
module. When a Kerberos principal has the REQUIRES_PWCHANGE
(+needchange) flag set, OpenSSH+pam_krb5 will still successfully
authenticate the user. Local 'su' and 'login' fail in this case which
leads us to believe it's at least
2020 Jul 29
1
kerberos ticket on login problem
On 7/28/2020 4:11 PM, Jason Keltz wrote:
>
> On 7/28/2020 3:59 PM, Jason Keltz via samba wrote:
>> I'm experimenting with smb + winbind.
>>
>> My host is joined to AD and I can login to my host fine using my AD
>> credentials via SSH.?? The only issue is that I don't get a Kerberos
>> ticket generated.
>>
>> In
2003 Dec 15
1
Solaris Winbind LDAP pam_mkhomedir.so
Dear list,
How do I test whether I have access to my winbind LDAP backend from my
Solaris 9 machine? My LDAP database is held on a Redhat 9.0 machine also
running Samba 3.0.0.
I know winbind works because getent and wbinfo show up my NT users and
groups.
I would also like to have people log into my Solaris 9 machine with their NT
usernames, I have this working on Redhat already but Solaris is