[Bug 1087] SSH fails to show PAM password expiry message from LDAP on login

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Sep 21 19:54:05 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1087





------- Additional Comments From senthilkumar_sen at hotpop.com  2005-09-21 19:54 -------
The problem happens because the messages generated by pam_acct_mgmt() are 
displayed to the client only if it does not return PAM_SUCCESS or PAM_NEW_AUTHTOK_REQD. 
But as expiry messages are only warnings, they are not displayed here 
because pam_acct_mgmt() returns PAM_SUCCESS. The following part of the code in 
auth2.c is responsible for this:

#ifdef USE_PAM
	if (options.use_pam && authenticated) {
		if (!PRIVSEP(do_pam_account())) {
			/* if PAM returned a message, send it to the user */
			if (buffer_len(&loginmsg) > 0) {
				buffer_append(&loginmsg, "\0", 1);
				userauth_send_banner(buffer_ptr(&loginmsg));
				packet_write_wait();
			}
			fatal("Access denied for user %s by PAM account "
			   "configuration", authctxt->user);
		}
	}
#endif

I think the fix would be easy for me if the above reason is correct?
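
The control flow described in the comment above, as a small stand-alone model added here; it is not OpenSSH code and not a proposed patch from the thread. The result codes, the `msgbuf` struct, the 7-day warning window and the message strings are constructed stand-ins for the PAM return values and the `loginmsg` buffer.

```c
#include <stdio.h>
#include <string.h>

/* Model result codes: stand-ins for the PAM_* values, not libpam's definitions. */
enum acct_result { ACCT_SUCCESS, ACCT_NEW_AUTHTOK_REQD, ACCT_DENIED };

/* Stand-in for the loginmsg buffer that the PAM conversation fills. */
struct msgbuf { char text[256]; size_t len; };

static void msg_append(struct msgbuf *b, const char *s) {
	size_t room = sizeof(b->text) - 1 - b->len, n = strlen(s);
	if (n > room)
		n = room;                       /* truncate, keep space for the NUL */
	memcpy(b->text + b->len, s, n);
	b->len += n;
	b->text[b->len] = '\0';
}

/* Hypothetical account module: an expiry warning still returns success. */
static enum acct_result account_check(int days_left, int locked, struct msgbuf *m) {
	char line[64];
	if (locked) {
		msg_append(m, "Account locked.\n");          /* constructed text */
		return ACCT_DENIED;
	}
	if (days_left <= 7) {                                /* assumed warning window */
		snprintf(line, sizeof(line), "Password expires in %d days.\n", days_left);
		msg_append(m, line);
	}
	return ACCT_SUCCESS;
}

/* Returns 1 if the client would be shown the buffered message.
 * flush_on_success == 0: banner only on the failure path (quoted excerpt).
 * flush_on_success == 1: also forward a non-empty buffer when login proceeds. */
static int client_sees_message(int days_left, int locked, int flush_on_success) {
	struct msgbuf m = { "", 0 };
	enum acct_result r = account_check(days_left, locked, &m);
	int account_ok = (r == ACCT_SUCCESS || r == ACCT_NEW_AUTHTOK_REQD);
	if (!account_ok)
		return m.len > 0;               /* failure path: banner, then fatal() */
	return flush_on_success && m.len > 0;
}

int main(void) {
	printf("warning, excerpt flow:  %d\n", client_sees_message(3, 0, 0));
	printf("warning, flush variant: %d\n", client_sees_message(3, 0, 1));
	printf("denied, excerpt flow:   %d\n", client_sees_message(30, 1, 0));
	return 0;
}
```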


