PAM_ERROR_MSG and PAM_TEXT_INFO from modules

Ethan Benson erbenson at alaska.net
Mon Jan 12 23:23:58 EST 2004


On Mon, Jan 12, 2004 at 11:08:11PM +1100, Darren Tucker wrote:
> Ethan Benson wrote:
> > eb at socrates ~$ ssh plato
> > Read from remote host plato: Connection reset by peer
> > Connection to plato closed.
> 
> I think that "reset by peer" is a problem with the static cleanup 
> functions added after 3.7.1p2 but I'm not sure exactly where.

perhaps not, 3.4 behaves exactly the same.

actually the client is still 3.4, if that matters (it shouldn't for
the case of pam messages disappearing i wouldn't think).


>> <PAM_ERROR_MSG and PAM_TEXT_INFO messages>
> It would be possible to return those via SSH2 keyboard-interactive but 
> probably not SSH1 PAM-over-TIS(?).  What do others think of sending the 
> PAM error and info messages back to the client for keyboard-interactive?

this was my thought as well, since things like Banner work without a
tty these kinds of things should too. 

as for only working with SSH2 that is perfectly fine by me, i long ago
disabled protocol v1.  most sites seem to be deprecating v1 anyway.

for me it just needs to work for both pubkey and pam authentications.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040112/5d0bf457/attachment.bin 


More information about the openssh-unix-dev mailing list