PAM conversation stuff

mouring at mouring at
Sat Oct 27 00:07:35 EST 2001

For non-interactive connections it should *NEVER* attempt a password
change, but it should notify the user for the reason of failure to

The problem is people wanted to have some PAM modules for setting limits,
etc apply to non-interactive session.  Which works fine under Linux, but
failure utterly under Solaris.

Moffat, there is a 'compatibility-a-thon' occuring soon.. Maybe there
should be a 'PAM' booth to get Linux, Sun, HP, etc all on the same page.

- Ben

On Fri, 26 Oct 2001, Dost, Alexander wrote:

> Just to start a new thread in this discussion...
> As I asked before, when using an interactive session (plain simple 'ssh
> <host>'), and the prompt for changing the password appears, this stuff comes
> out of the PAM library, right ?
> So the problem that the password (login password first) now entered is
> non-hidden on the screen comes from PAM, not from ssh ?
> And why does the password-expiration checking work only with the
> PAM_TTY_KLUDGE ? If I understood the whole thing, this kludge should only be
> activated in conjunction with non-interactive sessions. But without it ssh
> (2.9.9p2 on Sol8) just closes the connection without any hint to the expired
> password...
> - Alex

More information about the openssh-unix-dev mailing list