Regarding PAM_TTY_KLUDGE and Solaris 8...
Ed Phillips
ed at UDel.Edu
Sat Oct 27 00:05:54 EST 2001
On Fri, 26 Oct 2001, Damien Miller wrote:
> Date: Fri, 26 Oct 2001 11:33:16 +1000 (EST)
> From: Damien Miller <djm at mindrot.org>
> To: Ed Phillips <ed at UDel.Edu>
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: Regarding PAM_TTY_KLUDGE and Solaris 8...
>
> On Thu, 25 Oct 2001, Ed Phillips wrote:
>
> > However, I think a change should be made so that pam_chauthtok() is not
> > called if we don't have a real TTY.
>
> > Is there anything I'm missing?
>
> The fact that pam_chauthtok was never getting called without a tty
> anyway. Look at the code path in session.c. The do_pam_chauthtok() call
> was only being made for the tty case.
>
> If there is a problem, it is that accounts with expired passwords were
> still able to execute commands. Please try the patch below for this.

Okay... that makes sense. But, I thought the report was that when the
user did something like "ssh host ls" and the password needed to be
changed, it prompted for a password (over the non-tty-socket) and
displayed their new password in the clear as they typed it in (no tty =
password chars echo).

Oh well, maybe the guy who reported the echoed-password problem will speak
up... ;-)

Ed

> Index: session.c
> ===================================================================
> RCS file: /var/cvs/openssh/session.c,v
> retrieving revision 1.154
> diff -u -r1.154 session.c
> --- session.c 2001/10/12 01:35:51 1.154
> +++ session.c 2001/10/26 01:30:29
> @@ -432,6 +432,9 @@
> #if defined(USE_PAM)
> do_pam_session(s->pw->pw_name, NULL);
> do_pam_setcred(1);
> + if (is_pam_password_change_required())
> + packet_disconnect("Password change required but no "
> + "TTY available");
> #endif /* USE_PAM */
>
> /* Fork the child. */
>
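Review bot: The is_pam_password_change_required() test is placed after do_pam_session() and do_pam_setcred(1), so in this no-TTY path a PAM session is opened and credentials are established for an account that is then disconnected. Consider moving the test above do_pam_session(), or confirm that the packet_disconnect() path closes the session and deletes the credentials. A short comment above the new lines saying why an expired password is fatal here (no TTY to run the password change on) would also help, since nothing in this hunk explains the link between the missing TTY and the refusal.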
Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key