[Bug 1087] SSH fails to show PAM password expiry message from LDAP on login
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Sep 21 19:54:05 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=1087
------- Additional Comments From senthilkumar_sen at hotpop.com 2005-09-21 19:54 -------
The problem happens because the messages generated from PAM_Acct_Mgmt() get
displayed to client only if it not returns PAM_SUCCESS or PAM_NEW_AUTHTOK_REQD.
But as expiry messages are warning ones they are not getting displayed here
because pam_acct_mgmt() returns PAM_SUCCESS here. The following code part in
auth2.c is responsible for this,
#ifdef USE_PAM
if (options.use_pam && authenticated) {
if (!PRIVSEP(do_pam_account())) {
/* if PAM returned a message, send it to the user */
if (buffer_len(&loginmsg) > 0) {
buffer_append(&loginmsg, "\0", 1);
userauth_send_banner(buffer_ptr(&loginmsg));
packet_write_wait();
}
fatal("Access denied for user %s by PAM account "
"configuration", authctxt->user);
}
}
#endif
I think fix would be easy for me if the above said reason is correct?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list