[Bug 3210] Confusing errors when pam_acct_mgmt() fails

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Aug 25 22:03:46 AEST 2021


Darren Moffat <darren.moffat at oracle.com> changed:

           What    |Removed                     |Added
                 CC|                            |darren.moffat at oracle.com

--- Comment #2 from Darren Moffat <darren.moffat at oracle.com> ---
Created attachment 3545
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3545&action=edit
Alternate proposal to preserve pam_acct_mgmt() return value

I'm adding a slightly different proposed patch, that I believe is both
more generic, in that all error values from pam_acct_mgmt() can be
passed through.  It is also slightly smaller a change.
Unlike the prior patch it intentionally overrides a PAM_SUCCESS
sshpam_err value with the one from pam_acct_mgmt(). This is so that an
account that has successfully authenticate but for some other reason is
not allowed access "just now" has an appropriate error returned (likely

You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list