PAM_RHOST not available for authentication
Christian Kurz
shorty at debian.org
Thu Dec 28 09:45:40 EST 2000
Hi
and here's an feature request from a user/developer, wher I would like
to hear your comments again. Thanks
> The PAM_RHOST item, which tells PAM which remote host it is conversing
> with, is currently set by OpenSSH _after_ authentication is made. This
> is not a good thing for me, as a have written a module which needs the
> IP of the peer as a part of authentication.
> My module was written to eleminate the need for a patched ssh daemon so
> I was not happy to see that PAM_RHOST was not set until do_pam_account()
> which is called from within an 'if (authenticated)' in auth[12].c
> What I would like to see is a
> pam_set_item((pam_handle_t *)pamh, PAM_RHOST, get_canonical_hostname());
> as soon as possible in the code, before authentication.
Ciao
Christian
--
Debian Developer and Quality Assurance Team Member
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 242 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20001227/087973ff/attachment.bin
More information about the openssh-unix-dev
mailing list