similar to: PAM session setup and environment variables

On ???, 16 ??? 2024, Michal Sekletar wrote: > Hello everyone, > > I am trying to adjust the systemd-logind classification of the SSH > session opened by Ansible client. By default the SSH session created > by Ansible client is Class=user and Type=tty in systemd-logind. > pam_systemd.so allows users to change this default via the environment > variables XDG_SESSION_CLASS and

On Mon, 16 Dec 2024, Michal Sekletar wrote: > Hello everyone, > > I am trying to adjust the systemd-logind classification of the SSH > session opened by Ansible client. By default the SSH session created > by Ansible client is Class=user and Type=tty in systemd-logind. > pam_systemd.so allows users to change this default via the environment > variables XDG_SESSION_CLASS and

>Okay, this appears to be a problem with pam_unix.so - the code in >pam_sm_open_session is written with the assumption that the tty name is of >the form "/dev/" + something else on the end. I'm not sure why the pam_sm_open_session in pam_unix on Solaris now does this: /* report error if ttyn or rhost are not set */ if ((ttyn == NULL) || (rhost == NULL))

Hello, There's a file server running CentOS 7 with packaged Samba: # rpm -qi samba Name : samba Epoch : 0 Version : 4.10.4 Release : 11.el7_8 Architecture: x86_64 ... Source RPM : samba-4.10.4-11.el7_8.src.rpm Build Date : Tue 12 May 2020 04:31:13 PM UTC ... Packager : CentOS BuildSystem <http://bugs.centos.org> When a user opens a file share, there's an

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The same result without CFLAGS: configure:17300: checking for mblen configure:17356: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

On Tue, Dec 17, 2024 at 5:40?AM Damien Miller <djm at mindrot.org> wrote: > User-specified environment variables are not propogated to the > environment where sshd invokes PAM modules because the SSH protocol > sends them at the time a session is opened, well after authentication > has completed. At best, they could be made available to the PAM > session modules but

https://bugzilla.mindrot.org/show_bug.cgi?id=1799 Summary: Unable to login through PAM on Solaris 8 x86 due to PAM_TTY Product: Portable OpenSSH Version: 5.5p1 Platform: ix86 OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo:

I ran into an odd problem today. I wanted to share it here in the hopes of maybe saving someone else some lost time. When you run libvirtd as an unprivileged user (e.g., if you target qemu:///session from a non-root account), then libvirt will open a unix domain socket in one of two places: - If XDG_RUNTIME_DIR is defined, then inside $XDG_RUNTIME_DIR/libvirt/libvirt-sock - If

I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then

Unstable release in 1.8 series. Overview of changes in lightdm 1.7.2 * Fix incorrectly distributed guest-session apparmor data Overview of changes in lightdm 1.7.1 * Fix .pc file for liblightdm-qt5-3 * Add a new option "autologin-in-background" which lets an autologin happen in a second display while still showing the greeter. * Stop if fail to create default

With OpenSSH 2.9.9p2 as the server, I'm not able to do scp or "ssh machinename command" in general to any of my Suns! I tracked this down a bit; the problem occurs only when PAM support is enabled. However, if I remove line 430 of session.c, "do_pam_session(s->pw->pw_name, NULL);" inside of do_exec_no_pty, the problem goes away. It looks like the following entry

On 7/28/2020 4:11 PM, Jason Keltz wrote: > > On 7/28/2020 3:59 PM, Jason Keltz via samba wrote: >> I'm experimenting with smb + winbind. >> >> My host is joined to AD and I can login to my host fine using my AD >> credentials via SSH.?? The only issue is that I don't get a Kerberos >> ticket generated. >> >> In

I did re-read the whole thread again. Im running out of options.. When i look at : https://wiki.samba.org/index.php/PAM_Offline_Authentication You can do these last checks. Run the : Testing offline authentication as show on the wiki. Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it. Check if these packages are installed.

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The

Am 21.02.22 um 16:24 schrieb Fabian Arrotin: > On 21/02/2022 15:49, Leon Fauster via CentOS wrote: >> Hey all, back from vacation and seeing ansible 2.12 in the repos now. >> Anything to be aware of when upgrading from 2.9 to 2.12 in CS8? >> > > You'd be lucky if it works directly , as there were some semantic > changes in ansible, so you'll probably have to

On 11 Apr 2018 09:48 Fabian Arrotin wrote: > On 11/04/18 13:58, James Hogarth wrote: > > For those not aware ansible has been deprecated in RHEL7 from the extras > > repository. > > > > In the RHEL specific world it's now in an optional "product" (basically an > > optional subscription) that is part of any RHEL subscription, but it's opt >

I just don't know what else to try. I've beat my head on this for 3 days now and it's becoming obvious that either Ansible 2.3 is a complete disaster, or the CentOS 7 package is a complete cluster. Here's my problem. I am working on getting an ansible server to manage about 100 or so CentOS 6 servers. All have an unprivileged user account setup (up to 3 years before I got

For those not aware ansible has been deprecated in RHEL7 from the extras repository. In the RHEL specific world it's now in an optional "product" (basically an optional subscription) that is part of any RHEL subscription, but it's opt in. As a result ansible is back in the EPEL7 repository for 2.5.0+ , having been removed for ansible 2.4.2 when it got introduced to the RHEL

What would you recommend: ansible is in EPEL8 and ConfigSIG. For the latter I do not see any sources in git.centos.org. Where they come from? I wonder with which repository I should use (long term)? dnf not checking gpg signature sounds scary: https://github.com/ansible/ansible/blob/v2.9.13/changelogs/CHANGELOG-v2.9.rst#security-fixes -- Leon