Displaying 20 results from an estimated 2000 matches similar to: "PAM session setup and environment variables"
2024 Dec 16
1
PAM session setup and environment variables
On ???, 16 ??? 2024, Michal Sekletar wrote:
> Hello everyone,
>
> I am trying to adjust the systemd-logind classification of the SSH
> session opened by Ansible client. By default the SSH session created
> by Ansible client is Class=user and Type=tty in systemd-logind.
> pam_systemd.so allows users to change this default via the environment
> variables XDG_SESSION_CLASS and
2024 Dec 17
1
PAM session setup and environment variables
On Mon, 16 Dec 2024, Michal Sekletar wrote:
> Hello everyone,
>
> I am trying to adjust the systemd-logind classification of the SSH
> session opened by Ansible client. By default the SSH session created
> by Ansible client is Class=user and Type=tty in systemd-logind.
> pam_systemd.so allows users to change this default via the environment
> variables XDG_SESSION_CLASS and
2024 Dec 19
1
PAM session setup and environment variables
On Thu, 19 Dec 2024, Dmitry V. Levin wrote:
> > We could potentially allow-list some variables, but I'd like to get
> > some input from people who (for example) maintain PAM for distributions
> > on what is acceptable.
>
> With my Linux-PAM hat on, the most essential difference between the
> authenticated user code that currently gets the environment variables
>
2024 Dec 20
1
PAM session setup and environment variables
On Fri, Dec 20, 2024 at 09:25:11AM +1100, Damien Miller wrote:
> On Thu, 19 Dec 2024, Dmitry V. Levin wrote:
>
> > > We could potentially allow-list some variables, but I'd like to get
> > > some input from people who (for example) maintain PAM for distributions
> > > on what is acceptable.
> >
> > With my Linux-PAM hat on, the most essential
2001 Oct 25
6
Regarding PAM_TTY_KLUDGE and Solaris 8...
>Okay, this appears to be a problem with pam_unix.so - the code in
>pam_sm_open_session is written with the assumption that the tty name is of
>the form "/dev/" + something else on the end. I'm not sure why the
pam_sm_open_session in pam_unix on Solaris now does this:
/* report error if ttyn or rhost are not set */
if ((ttyn == NULL) || (rhost == NULL))
2020 Jun 23
2
pam_systemd(samba:session): Failed to create session: No such file or directory
Hello,
There's a file server running CentOS 7 with packaged Samba:
# rpm -qi samba
Name : samba
Epoch : 0
Version : 4.10.4
Release : 11.el7_8
Architecture: x86_64
...
Source RPM : samba-4.10.4-11.el7_8.src.rpm
Build Date : Tue 12 May 2020 04:31:13 PM UTC
...
Packager : CentOS BuildSystem <http://bugs.centos.org>
When a user opens a file share, there's an
2016 Aug 01
2
OpenSSH 7.3p1 can't be build on Solaris 10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
The same result without CFLAGS:
configure:17300: checking for mblen
configure:17356: gcc -o conftest -g -O2 -Wall -Wpointer-arith
-Wuninitialized -Wsign-compare -Wformat-security
-Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result
-fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset
-fstack-protector-strong -fPIE
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users
noticed that it did not honor password expiration consistently with
other Solaris login services.
The patch below is against OpenSSH 2.2.0p1 and adds support for PAM
password changes on expiration via pam_chauthtok(). A brief summary of
changes:
auth-pam.c:
* change declaration of pamh to "static pam_handle_t *pamh",
2024 Dec 17
1
PAM session setup and environment variables
On Tue, Dec 17, 2024 at 5:40?AM Damien Miller <djm at mindrot.org> wrote:
> User-specified environment variables are not propogated to the
> environment where sshd invokes PAM modules because the SSH protocol
> sends them at the time a session is opened, well after authentication
> has completed. At best, they could be made available to the PAM
> session modules but
2010 Jul 16
8
[Bug 1799] New: Unable to login through PAM on Solaris 8 x86 due to PAM_TTY
https://bugzilla.mindrot.org/show_bug.cgi?id=1799
Summary: Unable to login through PAM on Solaris 8 x86 due to
PAM_TTY
Product: Portable OpenSSH
Version: 5.5p1
Platform: ix86
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo:
2016 Mar 09
4
libvirtd vs XDG_RUNTIME_DIR
I ran into an odd problem today. I wanted to share it here in the
hopes of maybe saving someone else some lost time.
When you run libvirtd as an unprivileged user (e.g., if you target
qemu:///session from a non-root account), then libvirt will open a
unix domain socket in one of two places:
- If XDG_RUNTIME_DIR is defined, then inside
$XDG_RUNTIME_DIR/libvirt/libvirt-sock
- If
2020 Jul 28
2
kerberos ticket on login problem
I'm experimenting with smb + winbind.
My host is joined to AD and I can login to my host fine using my AD
credentials via SSH.?? The only issue is that I don't get a Kerberos
ticket generated.
In /etc/security/pam_winbind.conf I have:
krb5_auth = yes
krb5_ccache_type = KEYRING
In /etc/krb5.conf, I also have:
default_ccache_name = KEYRING:persistent:%{uid}
Using wbinfo -K jas, then
2013 Jun 17
1
lightdm 1.7.2 released
Unstable release in 1.8 series.
Overview of changes in lightdm 1.7.2
* Fix incorrectly distributed guest-session apparmor data
Overview of changes in lightdm 1.7.1
* Fix .pc file for liblightdm-qt5-3
* Add a new option "autologin-in-background" which lets an autologin
happen
in a second display while still showing the greeter.
* Stop if fail to create default
2001 Sep 28
2
2.9.9p2 bug in PAM support
With OpenSSH 2.9.9p2 as the server, I'm not able to do scp or "ssh
machinename command" in general to any of my Suns!
I tracked this down a bit; the problem occurs only when PAM support is
enabled. However, if I remove line 430 of session.c,
"do_pam_session(s->pw->pw_name, NULL);" inside of do_exec_no_pty, the
problem goes away.
It looks like the following entry
2020 Jul 29
1
kerberos ticket on login problem
On 7/28/2020 4:11 PM, Jason Keltz wrote:
>
> On 7/28/2020 3:59 PM, Jason Keltz via samba wrote:
>> I'm experimenting with smb + winbind.
>>
>> My host is joined to AD and I can login to my host fine using my AD
>> credentials via SSH.?? The only issue is that I don't get a Kerberos
>> ticket generated.
>>
>> In
2018 Jul 24
2
Failed to establish your Kerberos Ticket cache due time differences with the domain controller
I did re-read the whole thread again.
Im running out of options..
When i look at :
https://wiki.samba.org/index.php/PAM_Offline_Authentication
You can do these last checks.
Run the : Testing offline authentication as show on the wiki.
Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it.
Check if these packages are installed.
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes
PAM authentication take place in a separate process or thread
(launched from sshpam_init_ctx() in auth-pam.c). By default (if you
don't define USE_POSIX_THREADS) the code "fork"s a separate process.
Or if you define USE_POSIX_THREADS it will create a new thread (a
second one, in addition to the primary thread).
The
2022 Feb 22
1
ansible upgrade
Am 21.02.22 um 16:24 schrieb Fabian Arrotin:
> On 21/02/2022 15:49, Leon Fauster via CentOS wrote:
>> Hey all, back from vacation and seeing ansible 2.12 in the repos now.
>> Anything to be aware of when upgrading from 2.9 to 2.12 in CS8?
>>
>
> You'd be lucky if it works directly , as there were some semantic
> changes in ansible, so you'll probably have to
2018 Apr 11
1
Ansible repository shenanigans in EL7
On 11 Apr 2018 09:48 Fabian Arrotin wrote:
> On 11/04/18 13:58, James Hogarth wrote:
> > For those not aware ansible has been deprecated in RHEL7 from the extras
> > repository.
> >
> > In the RHEL specific world it's now in an optional "product" (basically an
> > optional subscription) that is part of any RHEL subscription, but it's opt
>
2017 Jun 05
2
C7 ansible 2.3 become_method: su not working
I just don't know what else to try. I've beat my head on this for 3 days
now and it's becoming obvious that either Ansible 2.3 is a complete
disaster, or the CentOS 7 package is a complete cluster. Here's my
problem. I am working on getting an ansible server to manage about 100
or so CentOS 6 servers. All have an unprivileged user account setup (up
to 3 years before I got