Regarding PAM_TTY_KLUDGE and Solaris 8...

Kevin Steves stevesk at
Sat Oct 27 06:47:38 EST 2001

On Thu, 25 Oct 2001, Damien Miller wrote:
:IMO until then we should enable the kludge, but change it as follows.
:Kevin, can you check whether the kludge works with this patch on HP/UX?
:(is the kludge even needed there?)

hp-ux 11 does not need PAM_TTY_KLUDGE.  in fact, when it was enabled
last time something broke as i recall.  however, there is a PAM patch
required to fix an incompatibility with expired password checks.
there are some dependencies for the 11.11 patch on NFS/NIS--don't know
about the 11.0 patch.

11.11: PHCO_24839
11.00: PHCO_25527

or something prior with this fix:

	( SR:8606160402 CR:JAGad29724 )
	HP-UX is inconsistent with the PAM standard with respect
	to the return value for an expired password. This
	inconsistency causes a problem for programs written to
	run on multiple platforms.

	When an expired password is detected, libpam_unix.1 now
	returns standard PAM_NEW_AUTHTOK_REQD instead of

:Index: auth-pam.c
:RCS file: /var/cvs/openssh/auth-pam.c,v
:retrieving revision 1.37
:diff -u -r1.37 auth-pam.c
:--- auth-pam.c	2001/04/23 18:38:37	1.37
:+++ auth-pam.c	2001/10/25 00:43:55
:@@ -374,7 +374,7 @@
: 	 * not even need one (for tty-less connections)
: 	 * Kludge: Set a fake PAM_TTY
: 	 */
:-	pam_retval = pam_set_item(__pamh, PAM_TTY, "ssh");
:+	pam_retval = pam_set_item(__pamh, PAM_TTY, "NODEVssh");
: 	if (pam_retval != PAM_SUCCESS)
: 		fatal("PAM set tty failed[%d]: %.200s",
: 		    pam_retval, PAM_STRERROR(__pamh, pam_retval));

More information about the openssh-unix-dev mailing list