PAM conversation stuff

Ed Phillips ed at UDel.Edu
Sat Oct 27 00:36:13 EST 2001

On Fri, 26 Oct 2001, Dost, Alexander wrote:

> Date: Fri, 26 Oct 2001 09:09:06 +0200
> From: "Dost, Alexander" <Alexander.Dost at>
> To: 'Darren Moffat' <Darren.Moffat at>, openssh-unix-dev at
> Subject: RE: PAM conversation stuff
> Just to start a new thread in this discussion...
> As I asked before, when using an interactive session (plain simple 'ssh
> <host>'), and the prompt for changing the password appears, this stuff comes
> out of the PAM library, right ?
> So the problem that the password (login password first) now entered is
> non-hidden on the screen comes from PAM, not from ssh ?

That's what I'm starting to think...

> And why does the password-expiration checking work only with the
> PAM_TTY_KLUDGE ? If I understood the whole thing, this kludge should only be
> activated in conjunction with non-interactive sessions. But without it ssh

It seems that PAM_TTY_KLUDGE is used to set PAM_TTY to some dummy value so
that won't crash on Solaris.  However, I'd guess that the
PAM_TTY_KLUDGE could be moved to do_pam_session() and only call
pam_set_item() with the dummy tty if we in fact don't have a tty at that

> (2.9.9p2 on Sol8) just closes the connection without any hint to the expired
> password...

Yes... that's the crash in


Ed Phillips <ed at> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at for PGP public key

More information about the openssh-unix-dev mailing list