[Bug 1087] SSH fails to show PAM password expiry message from LDAP on login
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Sep 22 14:39:43 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=1087
------- Additional Comments From senthilkumar_sen at hotpop.com 2005-09-22 14:39 -------
I think the pam_acct_mgmt() returns PAM_SUCESS here. Its not returning
PAM_AUTH_ERR as described in bug #1028 which is a separate scenario. This
message is just a warning from PAM and the PAM module returns success. But the
thing is tht only messages are sent back to client if PAM_SUCESS is not returned
by pam_acct_mgmt(). The code part doing this is in auth-pam.c
if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) {
sshpam_account_status = 0;
return (sshpam_account_status);
}
This can also be viewed from the update of attachment id 960,
> debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
I also checked that the warning messages get collected properly but they are not
passed to client as said in comment #1.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list