[Bug 1087] SSH fails to show PAM password expiry message from LDAP on login

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Sep 22 14:39:43 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1087





------- Additional Comments From senthilkumar_sen at hotpop.com  2005-09-22 14:39 -------
I think the pam_acct_mgmt() returns PAM_SUCESS here. Its not returning 
PAM_AUTH_ERR as described in bug #1028 which is a separate scenario. This 
message is just a warning from PAM and the PAM module returns success. But the 
thing is tht only messages are sent back to client if PAM_SUCESS is not returned 
by pam_acct_mgmt(). The code part doing this is in auth-pam.c 

if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) {
		sshpam_account_status = 0;
		return (sshpam_account_status);
	}

This can also be viewed from the update of attachment id 960,

> debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)

I also checked that the warning messages get collected properly but they are not 
passed to client as said in comment #1.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list