[Bug 1087] SSH fails to show PAM password expiry message from LDAP on login

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Sep 22 12:27:09 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1087


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED




------- Additional Comments From dtucker at zip.com.au  2005-09-22 12:27 -------
It looks like you're using keyboard-interactive authentication, right?  If so, I
think this is actually bug #1028.  (sshd tries to send as much of the PAM
exchange as possible via keyboard-interactive, however doesn't quite get it
quite right).

If you force password authentication with 4.2 (eg "ssh -o
preferredauthentications=password foo.example.com") does the warning appear?

(BTW: I had not applied the patch in bug #1028 because it occured to me that
it's a special case the message handling mentioned at
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=111973493522390&w=2 (look for
"For the SSHv2/kbdint case I guess it could pass the messages through") where
sshd could generate N kbdint messages rather than accumulating them, where N==0.
 I intended to get to this before 4.2 but didn't.  In hindsight, I should have
committed the patch then for replacement later).



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list