Re: Patch: Solved: Re: [OpenAFS-devel] PAM / openssh 3.7.1p2



On Fri, 17 Oct 2003, Dean Anderson wrote:

> Doh!
>
> This patch should be retracted. It didn't quite solve the problem. I found
> that by disabling PRIVSEP the problem was fixed.  PRIVSEP somehow breaks
> setting the PAG.  With PRIVSEP turned off, everything works...

Hmm, this reminds me of a patch from Jan Iven, who wrote a patch I believe
for openssh-3.4 ...

To: Martin MOKREJŠ <mmokrejs@natur.cuni.cz>
Cc: OpenSSH Devel List <openssh-unix-dev@mindrot.org>
Date: 10 Dec 2002 18:05:44 +0100
Subject: Re: [PATCH] Password expiry with Privsep and PAM

>>>>> "MM" == Martin MOKREJŠ <mmokrejs@natur.cuni.cz> writes:

 MM> Is this patch compatible with this patch from Jan Iven?
 MM> http://msgs.securepoint.com/cgi-bin/get/openssh-unix-dev-0210/42.html
 MM> Has that patch been fully integrated into cvs already? I guess PrivSep
 MM> should already work if his patch is in place already...  ;)

Most of that had already been implemented at the time I wrote that
patch, I just added it twice while looking at the wrong spot :-o

And it has nothing to do with the password expiry, it was only dealing
with Kerberos4/AFS vs PrivSep thingies.

Regards
Jan

>
> But there are some other complaints about openssh that I haven't provided
> patches for:
>
> Password authentication should try pam with the supplied password.  Apps
> that don't support keyboard-interactive/pam and just do passwords should
> still use PAM modules.  Openssh is basically useless on PAM systems, since
> many/most ssh clients do not support keyboard-interactive/pam.  It looks
> like this was intentionally removed... Is there any chance it might be put
> back?

I know Darren Tucker is willing to help with krb stuff, although he doesn't use it.
In my experience he is almost the only one who responds at all.

Martin
>
>
> 		--Dean
>
> On Fri, 17 Oct 2003, Martin MOKREJŠ wrote:
>
> > On Mon, 6 Oct 2003, Dean Anderson wrote:
> >
> > Hi,
> >   just wanted to be sure at least some things get fixed in the portable
> > release, but this is what I got back about your patch. What do you think?
> > Will you discuss at openssh-unix-dev and submit the patch to openssh
> > developers and Cc: us? ;)
> > Thanks!
> >
> >
> > --- forwarded message
> > From: Darren Tucker <dtucker@zip.com.au>
> > To: Martin MOKREJŠ <mmokrejs@natur.cuni.cz>
> > Date: Fri, 17 Oct 2003 21:09:18 +1000
> > Subject: Re: Patch: Solved: Re: [OpenAFS-devel] PAM / openssh 3.7.1p2 (fwd)
> >
> > Martin MOKREJS wrote:
> > >   how about applying this patch?
> >
> > Ten bucks says it'll break PAM on some other platform (my guess is HP-UX,
> > but maybe we should run a sweepstakes on it or something).  Please post it
> > to openssh-unix-dev and see what people say.
> > -- end of forwarded message
> >
> >
> >
> > > The following patch fixes openssh-3.7.1p2 to work with the pam_afs.so
> > > module:
> > >
> > > If anyone wants the rpm spec file for redhat 7.3, let me know.
> > >
> > > 		--Dean
> > >
> > > [root@dakota SOURCES]# more openssh-3.7.1p2-av8.patch
> > > diff -r -u openssh-3.7.1p2.orig/session.c openssh-3.7.1p2/session.c
> > > --- openssh-3.7.1p2.orig/session.c	Tue Sep 23 04:59:08 2003
> > > +++ openssh-3.7.1p2/session.c	Mon Oct  6 01:25:05 2003
> > > @@ -1275,8 +1275,8 @@
> > >  		 * Reestablish them here.
> > >  		 */
> > >  		if (options.use_pam) {
> > > -			do_pam_session();
> > >  			do_pam_setcred(0);
> > > +			do_pam_session();
> > >  		}
> > >  # endif /* USE_PAM */
> > >  # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) ||
> > > defined(WITH_IRIX_ARRAY)
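Review bot: The swap inside the `if (options.use_pam)` block in session.c moves do_pam_setcred(0) ahead of do_pam_session() with no comment saying why the order matters; the comment above it still only reads "Reestablish them here." Because the block is guarded only by `options.use_pam`, the new order applies to every PAM platform, not just systems running pam_afs.so, so please add a comment stating which module needs credentials established before the session is opened, and list the platforms and PAM stacks the reordered calls were tested on. The follow-up in this thread reports that the change did not fully solve the problem and that disabling PRIVSEP did, so the patch description should also say whether the swap is still needed once privilege separation is accounted for.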
> > >
> > >
> > >
> >
> > --
> > Martin Mokrejs <mmokrejs@natur.cuni.cz>, <m.mokrejs@gsf.de>
> > PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
> > MIPS / Institute for Bioinformatics <http://mips.gsf.de>
> > GSF - National Research Center for Environment and Health
> > Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
> > tel.: +49-89-3187 3683 , fax: +49-89-3187 3585
> >
>
>

-- 
Martin Mokrejs <mmokrejs@natur.cuni.cz>, <m.mokrejs@gsf.de>
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics <http://mips.gsf.de>
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585