[Bug 3210] Confusing errors when pam_acct_mgmt() fails
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Aug 25 22:03:46 AEST 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3210
Darren Moffat <darren.moffat at oracle.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |darren.moffat at oracle.com
--- Comment #2 from Darren Moffat <darren.moffat at oracle.com> ---
Created attachment 3545
--> https://bugzilla.mindrot.org/attachment.cgi?id=3545&action=edit
Alternate proposal to preserve pam_acct_mgmt() return value
I'm adding a slightly different proposed patch, that I believe is both
more generic, in that all error values from pam_acct_mgmt() can be
passed through. It is also slightly smaller a change.
Unlike the prior patch it intentionally overrides a PAM_SUCCESS
sshpam_err value with the one from pam_acct_mgmt(). This is so that an
account that has successfully authenticate but for some other reason is
not allowed access "just now" has an appropriate error returned (likely
PAM_PERM_DENIED).
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list