similar to: dovecot pam const

Hello, I was wondering where I might find more information about using OTP as an authentication protocol with dovecot. In searching, I found a thread from 2004, but not much information about how it has progressed from then. I also saw some promising patches from mid-last year, which if I had to guess are probably the addition of support for the SASL OTP mechanism. Is this available in a

freebsd 6.0 Dovecot v1.0.rc25 dovecot: Apr 14 17:06:25 Error: IMAP(ddalton): file mbox-sync-rewrite.c: line 408 (mbox_sync_read_and_move): assertion failed: (need_space == (uoff_t)-mails[idx].space) dovecot: Apr 14 17:06:26 Error: child 60712 (imap) killed with signal 6 Core was generated by `imap'. Program terminated with signal 6, Aborted. Reading symbols from

While configuring my server with dovecot I noticed that the PAM authentication driver does not support the username_format option as does the password file driver. This didn't seem too hard to implement so I through together a patch. As you can see in the attached patch I only modify the username sent to PAM. Despit doing this I run into the domain lost

Hi All. Attached is a patch that converts pam_chauthtok_conv into a generic pam_tty_conv, which is used rather than null_conv for do_pam_session. This allows, for example, display of messages from PAM session modules. The accumulation of PAM messages into loginmsg won't help until there is a way to collect loginmsg from the monitor (see, eg, the patches for bug #463). This is because the

Hi I'm attempting to compile samba 222 on Solaris 2.8 using Sun Forte 6 C compiler but I'm getting error messages. I used the following sequence of commands: setenv CC cc ./configure --prefix=/usr/local/samba.22 --with-acl-support --with-pam --with-pam_smbpass --with-syslog make See messages below: ================================================================ ..........

Builds using -Werror are failing again: [off-dbg] : [llvm] cc1plus: warnings being treated as errors [off-dbg] : [llvm] /ptmp/dag/llvm/official/llvm/lib/Support/APInt.cpp: In function 'unsigned int getDigit(char, uint8_t)': [off-dbg] : [llvm] /ptmp/dag/llvm/official/llvm/lib/Support/APInt.cpp:57: error: comparison between signed and unsigned integer expressions [off-dbg] :

Hi, I'm trying to compile Samba 3.0.14a with Active Directory support on AIX 5.3 with AIX C 7.0. The make process stops with the following error: Using FLAGS = -I/opt/compiled/include -I/opt/compiled/include -I/opt/freeware/include -D_LINUX_SOURCE_COMPAT -qmaxmem=32000 -I./popt -Iinclude -I/home/johsod/freyasamba/samba/samba-3.0.14a/source/include

The following patch (relative to -current) makes PAM a proper kbd-interactive citizen. There are a few limitations (grep for todo), but the code seems to work OK for protocols 1 & 2 with and without privsep. Please have a play! auth2-pam.c is based on code from FreeBSD. Index: auth2-chall.c =================================================================== RCS file:

is this change ok? goal is that PAM with -u0 does not use DNS (like without PAM). Index: auth-pam.c =================================================================== RCS file: /var/cvs/openssh/auth-pam.c,v retrieving revision 1.34 diff -u -r1.34 auth-pam.c --- auth-pam.c 2001/03/27 06:12:24 1.34 +++ auth-pam.c 2001/03/30 16:46:12 @@ -41,6 +41,10 @@ static int do_pam_conversation(int num_msg,

http://bugzilla.mindrot.org/show_bug.cgi?id=524 Summary: Keyboard-interactive PAM back end hides information Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

From: Marco Trevisan (Trevi?o) <mail at 3v1n0.net> --- auth-pam.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/auth-pam.c b/auth-pam.c index ba01dfb0c..932c7e1e2 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -446,6 +446,9 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, break; case PAM_ERROR_MSG: case PAM_TEXT_INFO: + debug3("PAM: Got message of

Currently, OpenSSH prints the message: "Warning: You password has expired, please change it now" if the password has expired. It would be nice if the user could/had to change password before continuing, like with Linux console login. I've tried to make an patch, but it doesn't work. Ideas? --- auth-pam.c.org Wed Oct 11 18:03:43 2000 +++ auth-pam.c Wed Oct 11 18:03:44

Hello. I need some help. I was running uw-imap on my IMAP server (so I am using mbox email files), but I was having trouble with Outlook 2013, so I decided to move to dovecot. At first things were looking much better, except that most of my folders, other than the Inbox, were not showing up. I started changing both the dovecot configuration and the folder structure of my mail files,

From: Marco Trevisan (Trevi?o) <mail at 3v1n0.net> PAM modules can change the user during their execution, in such case ssh would still use the user that has been provided giving potentially access to another user with the credentials of another one. So prevent this to happen, by ensuring that the final PAM user is matching the one that initiated the transaction. See also:

Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes PAM kbd-int work with privilege separation. Contrary to what I have previously stated - it *does* handle multiple prompts. What it does not handle is multiple passes through the PAM conversation function, which would be required for expired password changing. I would really appreciate some additional eyes over the

Hi, My company decided to implement security restrictions lately and I was to write more strict authorization modules for pam. One of it works asking for some kind of additional security string (for example pin from some kind of token). It is done by pam module, which asks calling application to do conversation for him: prompt_msg.msg_style = PAM_PROMPT_ECHO_OFF;

The following is a patch (based on FreeBSD code) which gets kbd-int working with privsep. It moves the kbd-int PAM conversation to a child process and communicates with it over a socket. The patch has a limitation: it does not handle multiple prompts - I have no idea how common these are in real-life. Furthermore it is not well tested at all (despite my many requests on openssh-unix-dev@). -d

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and

Hello, appended is a patch that makes it possible to use PAM both for password authentication and TIS (i.e. s/key or opie or any other interactive challenge/response scheme). I have developed this starting from the patch at http://www.debian.org/Bugs/db/61/61906.html on Debian with openssh-2.1.1p4-3. After configuring ssh with --with-pam-tis, there are two PAM services, "sshd" and