Regarding PAM_TTY_KLUDGE and Solaris 8...

Damien Miller djm at mindrot.org
Thu Oct 25 10:45:34 EST 2001


On Wed, 24 Oct 2001, Darren Moffat wrote:

> 
> >Okay, this appears to be a problem with pam_unix.so - the code in
> >pam_sm_open_session is written with the assumption that the tty name is of
> >the form "/dev/" + something else on the end.  I'm not sure why the
> 
> pam_sm_open_session in pam_unix on Solaris now does this:
> 
>         /* report error if ttyn or rhost are not set */
>         if ((ttyn == NULL) || (rhost == NULL))
>                 return (PAM_SESSION_ERR);
> 
>         /* sanity check on size of tty line */
>         if (strlen(ttyn) < sizeof("/dev/"))
>                 return (PAM_SESSION_ERR);
> 
> later on it uses everything after the /dev/ as the short name tty to
> write to lastlog.
> 
> This was part of the fix for 4250887. The fix will appear in patch
> 111659-03 (sparc) and 111660-03 (intel) when that patch is released.

IMO until then we should enable the kludge, but change it as follows.
Kevin, can you check whether the kludge works with this patch on HP/UX?
(is the kludge even needed there?)

Index: auth-pam.c
===================================================================
RCS file: /var/cvs/openssh/auth-pam.c,v
retrieving revision 1.37
diff -u -r1.37 auth-pam.c
--- auth-pam.c	2001/04/23 18:38:37	1.37
+++ auth-pam.c	2001/10/25 00:43:55
@@ -374,7 +374,7 @@
 	 * not even need one (for tty-less connections)
 	 * Kludge: Set a fake PAM_TTY
 	 */
-	pam_retval = pam_set_item(__pamh, PAM_TTY, "ssh");
+	pam_retval = pam_set_item(__pamh, PAM_TTY, "NODEVssh");
 	if (pam_retval != PAM_SUCCESS)
 		fatal("PAM set tty failed[%d]: %.200s",
 		    pam_retval, PAM_STRERROR(__pamh, pam_retval));
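Review bot: the new literal "NODEVssh" on the pam_set_item() line is a magic string, and the comment above it still says only "Kludge: Set a fake PAM_TTY". Its shape is dictated by the pam_unix check quoted earlier in this message: the name must be at least sizeof("/dev/") long, and the text after the "/dev/"-sized prefix is what ends up as the short tty name in lastlog. Suggest extending the comment to state both constraints, or moving the value into a named #define, so that a later cleanup does not shorten it back to "ssh". The HP/UX behaviour asked about in the message is still unconfirmed, so it would also help to say in the comment which platforms the value was chosen for.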

-d

-- 
| By convention there is color,       \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
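
The check quoted in the message above, modelled as an added example that is not part of the original post and is not Solaris or OpenSSH code. The function name `lastlog_tty_name`, the sample values, and the assumption that the short name is taken by skipping `strlen("/dev/")` bytes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/*
 * Model of the quoted pam_sm_open_session checks. Returns the short tty name
 * that would be written to lastlog, or NULL where the quoted code returns
 * PAM_SESSION_ERR. Assumption: the short name starts strlen("/dev/") bytes in.
 */
static const char *
lastlog_tty_name(const char *ttyn, const char *rhost)
{
	/* report error if ttyn or rhost are not set */
	if (ttyn == NULL || rhost == NULL)
		return NULL;

	/*
	 * sizeof("/dev/") counts the trailing NUL and is therefore 6, so the
	 * name must be at least six characters long. "/dev/" alone fails.
	 */
	if (strlen(ttyn) < sizeof("/dev/"))
		return NULL;

	/* Only the length was checked; the prefix is never compared. */
	return ttyn + strlen("/dev/");
}

int
main(void)
{
	/* Constructed sample PAM_TTY values: old kludge, new kludge, real pty */
	const char *samples[] = { "ssh", "NODEVssh", "/dev/pts/3", "/dev/" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		const char *name = lastlog_tty_name(samples[i], "client.example.org");

		if (name == NULL)
			printf("%-12s rejected (PAM_SESSION_ERR)\n", samples[i]);
		else
			printf("%-12s accepted, lastlog name \"%s\"\n", samples[i], name);
	}
	return 0;
}
```

Because only the length is tested, any filler of six or more characters passes; the five-character "NODEV" prefix additionally leaves "ssh" as the recorded name under the stated assumption.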




More information about the openssh-unix-dev mailing list