[openssh-commits] CVS: shitei.mindrot.org: openssh
Darren Tucker
dtucker at mindrot.org
Thu Dec 18 15:34:32 EST 2003
CVSROOT: /var/cvs
Module name: openssh
Changes by: dtucker at shitei.mindrot.org 2003/12/18 15:34:32
Modified files:
. : ChangeLog auth-pam.c
Log message:
- (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive
authentication. Partially fixes bug #423. Feedback & ok djm@
Some background on why this is the way it is:
* Solaris 8's pam_chauthtok ignores the CHANGE_EXPIRED_AUTHTOK flag, so
we must call do_pam_account() to figure out if the password is expired.
* AIX 5.2 does not like having pam_acct_mgmt() called twice, once from the
authentication thread and once from the main shell child, so we cache the
result, which must be passed from the authentication thread back to the
monitor.
cvs -n rdiff -u -r1.3150 -r1.3151 openssh/ChangeLog
cvs -n rdiff -u -r1.84 -r1.85 openssh/auth-pam.c
More information about the openssh-commits
mailing list