similar to: PAM session setup and environment variables

On ???, 16 ??? 2024, Michal Sekletar wrote: > Hello everyone, > > I am trying to adjust the systemd-logind classification of the SSH > session opened by Ansible client. By default the SSH session created > by Ansible client is Class=user and Type=tty in systemd-logind. > pam_systemd.so allows users to change this default via the environment > variables XDG_SESSION_CLASS and

On Mon, 16 Dec 2024, Michal Sekletar wrote: > Hello everyone, > > I am trying to adjust the systemd-logind classification of the SSH > session opened by Ansible client. By default the SSH session created > by Ansible client is Class=user and Type=tty in systemd-logind. > pam_systemd.so allows users to change this default via the environment > variables XDG_SESSION_CLASS and

>Okay, this appears to be a problem with pam_unix.so - the code in >pam_sm_open_session is written with the assumption that the tty name is of >the form "/dev/" + something else on the end. I'm not sure why the pam_sm_open_session in pam_unix on Solaris now does this: /* report error if ttyn or rhost are not set */ if ((ttyn == NULL) || (rhost == NULL))

Hello, There's a file server running CentOS 7 with packaged Samba: # rpm -qi samba Name : samba Epoch : 0 Version : 4.10.4 Release : 11.el7_8 Architecture: x86_64 ... Source RPM : samba-4.10.4-11.el7_8.src.rpm Build Date : Tue 12 May 2020 04:31:13 PM UTC ... Packager : CentOS BuildSystem <http://bugs.centos.org> When a user opens a file share, there's an

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The same result without CFLAGS: configure:17300: checking for mblen configure:17356: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

https://bugzilla.mindrot.org/show_bug.cgi?id=1799 Summary: Unable to login through PAM on Solaris 8 x86 due to PAM_TTY Product: Portable OpenSSH Version: 5.5p1 Platform: ix86 OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo:

I ran into an odd problem today. I wanted to share it here in the hopes of maybe saving someone else some lost time. When you run libvirtd as an unprivileged user (e.g., if you target qemu:///session from a non-root account), then libvirt will open a unix domain socket in one of two places: - If XDG_RUNTIME_DIR is defined, then inside $XDG_RUNTIME_DIR/libvirt/libvirt-sock - If

I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then

Unstable release in 1.8 series. Overview of changes in lightdm 1.7.2 * Fix incorrectly distributed guest-session apparmor data Overview of changes in lightdm 1.7.1 * Fix .pc file for liblightdm-qt5-3 * Add a new option "autologin-in-background" which lets an autologin happen in a second display while still showing the greeter. * Stop if fail to create default

With OpenSSH 2.9.9p2 as the server, I'm not able to do scp or "ssh machinename command" in general to any of my Suns! I tracked this down a bit; the problem occurs only when PAM support is enabled. However, if I remove line 430 of session.c, "do_pam_session(s->pw->pw_name, NULL);" inside of do_exec_no_pty, the problem goes away. It looks like the following entry

On 7/28/2020 4:11 PM, Jason Keltz wrote: > > On 7/28/2020 3:59 PM, Jason Keltz via samba wrote: >> I'm experimenting with smb + winbind. >> >> My host is joined to AD and I can login to my host fine using my AD >> credentials via SSH.?? The only issue is that I don't get a Kerberos >> ticket generated. >> >> In

I did re-read the whole thread again. Im running out of options.. When i look at : https://wiki.samba.org/index.php/PAM_Offline_Authentication You can do these last checks. Run the : Testing offline authentication as show on the wiki. Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it. Check if these packages are installed.

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The

Outside the known 'Hang-on-exit' bug and the Solaris 'PAM_TTY_KLUDGE' required. *WHAT* other issues *MUST* be address before 3.0 which is approaching fast? Those running NeXTStep I need conformation that it works under NeXT. My current Slab is packed in a storage unit due to a fire in my apartment complex (happened above me so I'm wrapping up dealing with that crap =). -

Dear all, For my thesis, I've been working on automatic inference of state machines for SSH servers. I ran into a couple of particularities regarding OpenSSH's inferred state machine, and was hoping some of you might be interested. Maybe you can even shed some light on it. Setup: I'm using LearnLib's (Java) version of the L* learning algorithm [1] to come up with sequences of

Hello, all- Apparently, under Solaris (I can personally confirm SunOS 5.7 and 5.8), pam_open_session will generate a segfault if PAM_TTY is not set. The obvious symptom of this is that OpenSSH 2.9.9p2 will segfault on any operation that does not request a tty (do_exec_no_pty). Based on a quick google search, this seems to have been encountered by others, though the specific symptoms seem to

https://bugs.freedesktop.org/show_bug.cgi?id=96876 Bug ID: 96876 Summary: system freeze "fifo: gr engine fault on channel 6" NVIDIA Product: xorg Version: unspecified Hardware: Other OS: All Status: NEW Severity: normal Priority: medium Component:

I've just noticed that I'm having issues with finding files using "locate" when those files are on btrfs subvolume mounts. The issue is that updatedb cannot discern the difference between a btrfs bind mount and btrfs subvolume [1]. This generally means that if you're using btrfs subvolume mounts and updatedb at the same time, and you want to index those subvolumes,

>> But instead i get >> centos: sshd[7929]: pam_unix(sshd:session): session opened for user >> <username> > > "pam_unix" should be an indication that <username> appears in the local > unix password files. Make sure that it doesn't. Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow > > What do /etc/pam.d/sshd and