[Bug 1681] conversation function for passwd auth method assumes instead of fail
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 4 02:56:20 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1681
--- Comment #3 from Zdeněk Kotala <zdenek.kotala at sun.com> 2009-12-04 02:56:19 EST ---
As documentation and draft of XSSO standard says you really cannot read
AUTHTOK in application but it is not a problem. Application (in this
case ssh) does not need to read it because it could lead to leak a
passwd in some cases, but the information is in the PAM session and PAM
module can access it.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list