Solaris password requirements not enforced
Srinivas Gopaladasu
srinivas_gopaladasu at net.com
Thu Aug 12 09:00:24 EST 2004
Darren Tucker wrote:
> Srinivas Gopaladasu wrote:
>
>> My only problem which I think probably be easily fixed is, any
>> messages by Solaris are not displayed.
>> For ex, it shows as below:
>
> [...]
>
>> Any idea why the messages from Solaris are suppressed?
>
I thought it will be easy to fix, but unfortuantely not.
>
> As soon as the PAM call completes, the keyboard-interactive machinery
> considers the authentication attempt complete and no further
> keyboard-interactive messages are sent for that round.
>
> PAM ERROR_MSG and TEXT_INFO messages are collected and sent with the
> prompts to the user. The upshot is any ERROR_MSG or TEXT_INFO
> messages sent after PROMPT_ECHO* will not be displayed if the
> authentication fails. If the authentication succeeds, the remaining
> messages are stored for display to the user after login.
>
> It would be possible within the protocol to have a final message in
> the kbdint round with the message in the "instruction" field but zero
> prompts. I don't know how hard that would be to implement. There's a
> couple of other options (USERAUTH_BANNER, eg [1] or packet_disconnect).
I did not get this.
Can you please give me more details how I can atleast display the error
messages?
Or will you be able to give me a patch?
Thanks
Srini
>
>
> [1] http://bugzilla.mindrot.org/show_bug.cgi?id=892
>
More information about the openssh-unix-dev
mailing list