Solaris password requirements not enforced
Darren Tucker
dtucker at zip.com.au
Thu Aug 12 08:46:16 EST 2004
Srinivas Gopaladasu wrote:
> My only problem which I think probably be easily fixed is, any messages
> by Solaris are not displayed.
> For ex, it shows as below:
[...]
> Any idea why the messages from Solaris are suppressed?
As soon as the PAM call completes, the keyboard-interactive machinery
considers the authentication attempt complete and no further
keyboard-interactive messages are sent for that round.
PAM ERROR_MSG and TEXT_INFO messages are collected and sent with the
prompts to the user. The upshot is any ERROR_MSG or TEXT_INFO messages
sent after PROMPT_ECHO* will not be displayed if the authentication
fails. If the authentication succeeds, the remaining messages are
stored for display to the user after login.
It would be possible within the protocol to have a final message in the
kbdint round with the message in the "instruction" field but zero
prompts. I don't know how hard that would be to implement. There's a
couple of other options (USERAUTH_BANNER, eg [1] or packet_disconnect).
[1] http://bugzilla.mindrot.org/show_bug.cgi?id=892
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list