Pam errors in Solaris

Ben Taylor bent at clark.net
Wed Dec 1 19:40:19 EST 1999


Thanks to a friend, I was able to gather a little more data about the
problem with PAM authentication and Solaris.

Apparently the pam_open_session module doesn't like it if PAM_RHOST
or PAM_TTY is not set, and segfaults if it hasn't been set.

Figured I'd work around this, but to no avail.  I cut out a bit of
do_pam_account_and_session, and made a do_pam_account and do_pam_session.
Basically the do_pam_session was a pam_set_attr for PAM_TTY, and
the original pam_open_session for the original function (which was removed
from the new pam_do_account). 

I tried in several places to set the information for do_pam_session but
always got the same result.  That being a non-controlled terminal, and no
instance in wtmpx/utmpx (this is Solaris).  There are indications that
data is being propagated to the utmp file, but it's kind of a wash since
Solaris ignores it now.  The other problem is that the resulting terminal
has horrible properties, probably due to the lack of a controlling
terminal and the ability to set its properties.  Well, maybe Sun will fix
this pam problem.  However, now I'm concerned that the logging for Sun
should be going to wtmpx/utmpx.  I'll look at this in a day or two.

Funny thing.  If I remove the pam_open_session, I get a nice working
session.  <shrug>  back to the drawing board.

Ben





