similar to: overview of patches used in Fedora

Hi, I just started building dovecot 1.0beta8 on RHEL4.3 based on atrpm.net .spec file. I noted that 3 patches are included in the .src.rpm and wanted to discuss them. I'm interested in knowing if those patches are relevant to all dovecot users and if they can be applied to dovecot. From: http://dl.atrpms.net/all/dovecot-1.0-0_10.99.beta7.el4.at.src.rpm patch:

>Neither the Sun PAM documentation nor the Linux-PAM documentation >describe the semantics of PAM_REINITIALIZE_CREDS in any useful detail. I would agree it is vague, but then that is also a problem with the XSSO document (http://www.opengroup.org/onlinepubs/008329799/) >Could we please have a clarification on the semantics of >PAM_CRED_ESTABLISH vs. the semantics of

Hello All, I have run into a situation where a user exiting from a PAM_KERBEROS-authenticated session runs the risk of deleting a kinit-generated credentials file that was already sitting on the server. I will explain the problem in detail, but let me begin with my question. It has a specific reference to PAM_KERBEROS, but it can also be a general question. If a user (ssh) session was

Dear all, I've been looking into hacking with some PAM modules, and thought I could learn from the OpenSSH source (it's probably the closest thing to a canonical cross-platform consumer of the API). One thing I've noticed I don't understand though is how OpenSSH's invocation of do_pam_session/setcred can work (in main of the process forked in sshd.c). Ignoring privsep for the

http://bugzilla.mindrot.org/show_bug.cgi?id=926 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO|994 | nThis| | ------- Additional Comments From dtucker at zip.com.au 2005-05-22 11:03 -------

Should pam_setcred() be called if pam_authenticate() wasn't called? I would say not; both of these functions are in the authenticate part of pam. It seems the the 'auth' part of pam config controls which modules get called, so if you didn't to _authenticate() you shouldn't do _setcred(). thx /fc

>> >Could we please have a clarification on the semantics of >> >PAM_CRED_ESTABLISH vs. the semantics of PAM_REINITIALIZE_CREDS? >> >> My interpretation is: >> >> You call PAM_ESTABLISH_CRED to create them >> You call PAM_REINITIALIZE_CRED to update creds that can expire over time, >> for example a kerberos ticket. Oops. I meant

http://bugzilla.mindrot.org/show_bug.cgi?id=789 Summary: pam_setcred() not being called as root Product: Portable OpenSSH Version: 3.7.1p2 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=789 Summary: pam_setcred() not being called as root Product: Portable OpenSSH Version: 3.7.1p2 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Trying 2.1.1p2 on HP-UX 11 (trusted system) I get: Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on. Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector. Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk" Jul 3

Outside the known 'Hang-on-exit' bug and the Solaris 'PAM_TTY_KLUDGE' required. *WHAT* other issues *MUST* be address before 3.0 which is approaching fast? Those running NeXTStep I need conformation that it works under NeXT. My current Slab is packed in a storage unit due to a fire in my apartment complex (happened above me so I'm wrapping up dealing with that crap =). -

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

Hey there I recently downloaded a folder off an ftp that had [hxc] as the bwginning name of thr dir, now it says it's locked when I try to delete it in KDE. when I try to rm -f in a console it says it doesn't exist, I can't move it, delete it , or change anything about it. When I output a ls -la to a txt it says this about it "drwxr-xr-x 2 root root 4096 Dec 2

https://bugzilla.mindrot.org/show_bug.cgi?id=2548 Bug ID: 2548 Summary: Make pam_set_data/pam_get_data work with OpenSSH Product: Portable OpenSSH Version: 7.2p1 Hardware: Sparc OS: Solaris Status: NEW Severity: major Priority: P5 Component: PAM support Assignee:

Fixes a lot of bugs. The next release will be the first "release candidate" instead of a beta. * PAM: Don't call pam_setcred() unless setcred=yes PAM passdb argument was given. * Moved around settings in dovecot-example.conf to be in more logical groups. + Local delivery agent (deliver binary) works again. + LDAP: Added support for SASL binding. Patch by Geert Jansen +

Fixes a lot of bugs. The next release will be the first "release candidate" instead of a beta. * PAM: Don't call pam_setcred() unless setcred=yes PAM passdb argument was given. * Moved around settings in dovecot-example.conf to be in more logical groups. + Local delivery agent (deliver binary) works again. + LDAP: Added support for SASL binding. Patch by Geert Jansen +

I'm in a situation here at work where I'm trying to support a mixed network of OS X and RHEL desktop machines with a Postfix/Dovecot combination. - user account information is stored in LDAP - user credentials are in MIT Kerberos - server is running RHEL 6/Dovecot 2.0.9/Postfix 2.6.6 I am currently using the PAM passdb module to authenticate my users (I began to have trouble

Hello, We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a non-root user with PAM [pam-kerberos] then I get the following error. debug3: PAM: opening session debug1: PAM: reinitializing credentials PAM: pam_setcred(): Failure setting user credentials This is particularly for non-root users with PrivSep YES. When I connect to a root user with PrivSep YES or to a non-root

https://bugzilla.mindrot.org/show_bug.cgi?id=2549 Bug ID: 2549 Summary: [PATCH] Allow PAM conversation for pam_setcred for keyboard-interactive authentication Product: Portable OpenSSH Version: 7.1p2 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5

In do_pam_cleanup_proc(), there are 3 calls to PAM: 1) pam_close_session() - do lastlog stuff 2) pam_setcred(PAM_DELETE_CRED) - delete credentials 3) pam_end() - close PAM It appears that pam_setcred() always fails with the error PAM_PERM_DENIED. This is due to a check done pam_unix.so to not allow a caller with euid 0 to even try to delete their SECURE_RPC credentials. When sshd calls