Displaying 20 results from an estimated 2000 matches similar to: "[Bug 2549] New: [PATCH] Allow PAM conversation for pam_setcred for keyboard-interactive authentication"
2016 Mar 04
7
[Bug 2548] New: Make pam_set_data/pam_get_data work with OpenSSH
https://bugzilla.mindrot.org/show_bug.cgi?id=2548
Bug ID: 2548
Summary: Make pam_set_data/pam_get_data work with OpenSSH
Product: Portable OpenSSH
Version: 7.2p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: major
Priority: P5
Component: PAM support
Assignee:
2004 May 18
2
pam_setcred fails for "USE_POSIX_THREADS + non-root users + PrivSep yes"
Hello,
We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a
non-root user with PAM [pam-kerberos] then I get the following error.
debug3: PAM: opening session
debug1: PAM: reinitializing credentials
PAM: pam_setcred(): Failure setting user credentials
This is particularly for non-root users with PrivSep YES. When I connect to
a root user with PrivSep YES or to a non-root
2004 Jan 14
18
[Bug 789] pam_setcred() not being called as root
http://bugzilla.mindrot.org/show_bug.cgi?id=789
Summary: pam_setcred() not being called as root
Product: Portable OpenSSH
Version: 3.7.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2003 Jun 04
3
pam_setcred() without pam_authenticate()?
Should pam_setcred() be called if pam_authenticate() wasn't called?
I would say not; both of these functions are in the authenticate
part of pam.
It seems the 'auth' part of pam config controls which modules get
called, so if you didn't do _authenticate() you shouldn't do _setcred().
thx
/fc
2009 Jun 29
2
configure dovecot to invoke pam_setcred() from the same process that accesses ~/Maildir?
Hello. I'm wondering how one would go about configuring dovecot to
invoke pam_setcred() from the same process as (or a parent process of)
the process which eventually reads the user's mail off the disk. This
is required for pam modules that set kernel-level credentials which
are later used to access the user's mail files.
In particular, I'm trying to use dovecot with pam_krb5
2002 Apr 01
2
[Bug 189] pam_setcred() failures should not be treated as fatal
http://bugzilla.mindrot.org/show_bug.cgi?id=189
------- Additional Comments From stevesk at pobox.com 2002-04-01 17:49 -------
why should pam_setcred() failures not be treated as fatal?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes
PAM authentication take place in a separate process or thread
(launched from sshpam_init_ctx() in auth-pam.c). By default (if you
don't define USE_POSIX_THREADS) the code "fork"s a separate process.
Or if you define USE_POSIX_THREADS it will create a new thread (a
second one, in addition to the primary thread).
The
2002 Mar 26
0
[Bug 189] New: pam_setcred() failures should not be treated as fatal
http://bugzilla.mindrot.org/show_bug.cgi?id=189
Summary: pam_setcred() failures should not be treated as fatal
Product: Portable OpenSSH
Version: 3.1p1
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2015 May 14
1
[Bug 2399] New: openssh server should fatal out when pam_setcred and pam_open_session fail
https://bugzilla.mindrot.org/show_bug.cgi?id=2399
Bug ID: 2399
Summary: openssh server should fatal out when pam_setcred and
pam_open_session fail
Product: Portable OpenSSH
Version: 6.8p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: normal
Priority: P5
2005 Jun 29
3
sshd deletes the GSSAPI ticket on exit
Hello All,
I have run into a situation where a user exiting from a
PAM_KERBEROS-authenticated session runs the risk of deleting a
kinit-generated credentials file that was already sitting on the server. I
will explain the problem in detail, but let me begin with my question. It
has a specific reference to PAM_KERBEROS, but it can also be a general
question.
If a user (ssh) session was
1999 Dec 28
0
Patches to report rsaref build and to call pam_setcred
I've attached two patches. The first just changes the output of "ssh -V"
to print that it was built against rsaref if libRSAglue (which is built
as part of openssl only when it is built against rsaref) is present at
build-time. The second adds appropriate calls to pam_setcred() in sshd.
Without them, our systems can't access AFS because the PAM modules only
get tokens at a
2003 Sep 22
1
[Bug 698] fixed bug in calling pam_setcred
http://bugzilla.mindrot.org/show_bug.cgi?id=698
Summary: fixed bug in calling pam_setcred
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: postadal
2015 Apr 13
1
[Bug 2380] New: [PATCH] Optionally allow pam_setcred to override gid
https://bugzilla.mindrot.org/show_bug.cgi?id=2380
Bug ID: 2380
Summary: [PATCH] Optionally allow pam_setcred to override gid
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee:
2006 May 09
0
auth: pam_setcred() failed: Error in service module
Hi,
I have a strange problem with authentication. Some users can
successfully authenticate and some users can not authenticate.
All users use the same client (thunderbird-1.5.0.2-win32-de).
At the problematic users I get the following error message:
============ snip ===================
auth(default): client in: AUTH 8 PLAIN service=IMAP secured lip=10.24.1.6 rip=10.211.11.1
2001 Sep 05
1
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>> >Could we please have a clarification on the semantics of
>> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS?
>>
>> My interpretation is:
>>
>> You call PAM_ESTABLISH_CRED to create them
>> You call PAM_REINITIALIZE_CRED to update creds that can expire over time,
>> for example a kerberos ticket.
Oops. I meant
2001 Sep 05
2
reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
>Neither the Sun PAM documentation nor the Linux-PAM documentation
>describe the semantics of PAM_REINITIALIZE_CREDS in any useful detail.
I would agree it is vague, but then that is also a problem with the XSSO
document (http://www.opengroup.org/onlinepubs/008329799/)
>Could we please have a clarification on the semantics of
>PAM_CRED_ESTABLISH vs. the semantics of
2001 Oct 26
1
PAM session cleanup on Sol8 with v2.9.9p2
In do_pam_cleanup_proc(), there are 3 calls to PAM:
1) pam_close_session() - do lastlog stuff
2) pam_setcred(PAM_DELETE_CRED) - delete credentials
3) pam_end() - close PAM
It appears that pam_setcred() always fails with the error PAM_PERM_DENIED.
This is due to a check done in pam_unix.so to not allow a caller with euid 0
to even try to delete their SECURE_RPC credentials. When sshd calls
2013 Jan 19
1
PAM function ordering
Dear all,
I've been looking into hacking with some PAM modules, and thought I could
learn from the OpenSSH source (it's probably the closest thing to a
canonical cross-platform consumer of the API).
One thing I've noticed I don't understand though is how OpenSSH's
invocation of do_pam_session/setcred can work (in main of the process
forked in sshd.c). Ignoring privsep for the
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",