[Bug 117] OpenSSH second-guesses PAM

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Feb 15 11:13:20 EST 2002


http://bugzilla.mindrot.org/show_bug.cgi?id=117





------- Additional Comments From abartlet at samba.org  2002-02-15 11:13 -------
The problem is that OpenSSH knows the username perfectly well at this stage.  It
just refuses to pass it on to PAM!

This means that PAM cannot log the fact that an invalid login was attempted -
which is my primary issue here.  I am doing some work on a product that is
hoping to use PAM to log all authenticaion failures in a consistant manner
across all system deamons.  

I see know reason why PAM cannot be told the truth, allowing this kind of thing
without ugly hacks to OpenSSH itself (the current way this is done).  

auth_sia_password() doesn't take a 'struct passwd' argument, why should PAM have
to?  (The bits of auth_pam_password() and auth_password() that deal with the
pw->uid feild should really be in a single function, elsewhere)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-unix-dev mailing list