PAM sessions and conversation functions

Darren Tucker dtucker at
Tue Oct 14 13:36:35 EST 2003

Darren Tucker wrote:
> Darren J Moffat wrote:
> >
> > There is no Sun supplied PAM module (bundled or unbundled) that ever tries
> > to do a password change in pam_sm_open_session or pam_sm_close_session; and
> > there never has been.
> Interesting.  I no longer have access to the machine where I saw that
> behaviour so I can't check its config.  I'll mark it up to something odd
> on that machine.  Thanks.

The more I think about it the more I think I was wrong.

A while back someone reported a problem with one of my earlier password
expiry patches.  It was a bug in the patch, but the surprising thing was
that expiry still worked on some systems.  The password was changed at
about the point where the session module was invoked and I assumed that it
was the session module doing it, because it wasn't my code.

Anyway, details are hazy, but if I ever figure out what was going on I'll
post it.  Thanks again.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list