Patch so that sshd makes use of PAM_USER

Jeremy Ellington jeremy.ellington at
Sat Aug 31 05:05:25 EST 2002

I've made the requested changes, and I've tested this on Linux 2.4.2 with both auth and account entry points.

The new diff (pam_user.diff) is attached.

-----Original Message-----
From: Darren J Moffat [mailto:Darren.Moffat at Sun.COM]
Sent: Friday, August 30, 2002 1:42 PM
To: Ben Lindstrom
Cc: Jeremy Ellington; jm at; openssh-unix-dev at
Subject: Re: Patch so that sshd makes use of PAM_USER

On Fri, 30 Aug 2002, Ben Lindstrom wrote:

> Two things off hand.
> 1. Your repeating the code over and over.  Make it a function call.
> 2. Look at openbsd's 'style' page.  As it sits now it would not be
> accepted because it does not follow the correct code format.
> also, one needs to check to see if this is honored by Solaris/hpux or if
> this is a Linux oddity.

This is part of the original PAM spec.  There are no modules shipped by
Sun for Solaris that actually change the PAM_USER but I know it does work
if such a module should be installed.  Since the HP code orginally came
from Sun it should work there as well.

To test this create a PAM module that implements pam_sm_authenticate
and in it use pam_set_item to change the value of PAM_USER.  The change
should be reflected back in the application when it calls pam_get_item.

> On Fri, 30 Aug 2002, Jeremy Ellington wrote:
> >  <<pam_user.patch>>
> > Hello.  I created a patch that causes sshd  to take notice of the value of PAM_USER after calling into the pam_xxx functions.  This makes it possible for a PAM module to effect user mappings by setting the value of PAM_USER with pam_set_item().  If anyone has comments or suggestions, let me know.
> >
> > Thanks,
> > Jeremy
> >
> _______________________________________________
> openssh-unix-dev at mailing list

Darren J Moffat

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pam_user.diff
Type: application/octet-stream
Size: 5285 bytes
Desc: pam_user.diff
Url : 

More information about the openssh-unix-dev mailing list