PAM conversation stuff

Ed Phillips ed at UDel.Edu
Sat Oct 27 00:36:13 EST 2001


On Fri, 26 Oct 2001, Dost, Alexander wrote:

> Date: Fri, 26 Oct 2001 09:09:06 +0200
> From: "Dost, Alexander" <Alexander.Dost at drkw.com>
> To: 'Darren Moffat' <Darren.Moffat at eng.sun.com>, openssh-unix-dev at mindrot.org
> Subject: RE: PAM conversation stuff
>
> Just to start a new thread in this discussion...
> As I asked before, when using an interactive session (plain simple 'ssh
> <host>'), and the prompt for changing the password appears, this stuff comes
> out of the PAM library, right ?
> So the problem that the password (login password first) now entered is
> non-hidden on the screen comes from PAM, not from ssh ?

That's what I'm starting to think...

> And why does the password-expiration checking work only with the
> PAM_TTY_KLUDGE ? If I understood the whole thing, this kludge should only be
> activated in conjunction with non-interactive sessions. But without it ssh

It seems that PAM_TTY_KLUDGE is used to set PAM_TTY to some dummy value so
that pam_unix.so won't crash on Solaris.  However, I'd guess that the
PAM_TTY_KLUDGE could be moved to do_pam_session() and only call
pam_set_item() with the dummy tty if we in fact don't have a tty at that
time.

> (2.9.9p2 on Sol8) just closes the connection without any hint to the expired
> password...

Yes... that's the crash in pam_unix.so.

	Ed

Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key




More information about the openssh-unix-dev mailing list