Regarding PAM_TTY_KLUDGE and Solaris 8...
Kevin Steves
stevesk at pobox.com
Sat Oct 27 06:47:38 EST 2001
On Thu, 25 Oct 2001, Damien Miller wrote:
:IMO until then we should enable the kludge, but change it as follows.
:Kevin, can you check whether the kludge works with this patch on HP/UX?
:(is the kludge even needed there?)
hp-ux 11 does not need PAM_TTY_KLUDGE. in fact, when it was enabled
last time something broke as i recall. however, there is a PAM patch
required to fix an incompatibility with expired password checks.
there are some dependencies for the 11.11 patch on NFS/NIS--don't know
about the 11.0 patch.
11.11: PHCO_24839
11.00: PHCO_25527
or something prior with this fix:
( SR:8606160402 CR:JAGad29724 )
HP-UX is inconsistent with the PAM standard with respect
to the return value for an expired password. This
inconsistency causes a problem for programs written to
run on multiple platforms.
Resolution:
When an expired password is detected, libpam_unix.1 now
returns standard PAM_NEW_AUTHTOK_REQD instead of
PAM_AUTHTOK_EXPIRED.
:Index: auth-pam.c
:===================================================================
:RCS file: /var/cvs/openssh/auth-pam.c,v
:retrieving revision 1.37
:diff -u -r1.37 auth-pam.c
:--- auth-pam.c 2001/04/23 18:38:37 1.37
:+++ auth-pam.c 2001/10/25 00:43:55
:@@ -374,7 +374,7 @@
: * not even need one (for tty-less connections)
: * Kludge: Set a fake PAM_TTY
: */
:- pam_retval = pam_set_item(__pamh, PAM_TTY, "ssh");
:+ pam_retval = pam_set_item(__pamh, PAM_TTY, "NODEVssh");
: if (pam_retval != PAM_SUCCESS)
: fatal("PAM set tty failed[%d]: %.200s",
: pam_retval, PAM_STRERROR(__pamh, pam_retval));
More information about the openssh-unix-dev
mailing list