What is print_pam_messages() used for ?

Darren Tucker dtucker at zip.com.au
Fri Jan 16 11:13:44 EST 2004

Ralf Hack wrote:
>     I was investigating why I don't see any warnings from pam_ldap 
> indicating the pending expiration of passwords as well as for 
> PAM_NEW_AUTHTOK_REQD. Eventually, I found that do_pam_account() does not 
> have a conversation function.

NEW_AUTHTOK_REQD should be fixed in -current for SSHv2 
keyboard-interactive authentication (it works for me on my test 
platforms, but you may not get all of the messages on Solaris or HP-UX yet).

 > Also, there is a function
> print_pam_messages (currently empty) which look suspiciously like it is 
> ear marked to show just those error messages:
> /* auth-pam.c */
> void print_pam_messages(void)
> {
>     /* XXX */
> }

print_pam_messages had been more or less superceded by the generic 
Buffer loginmsg.  There's still a couple more loginmsg changes I hope to 
make, after which print_pam_messages() should be gone altogether.

>     By any chance, is someone working on a patch to show these warning 
> messages ?

There have been changes since 3.7.1p2 to allow the display of messages 
from session modules, and the remaining messages after 
challenge-response authentication.  I'm not sure if those will include 
your messages from pam_ldap, but if you haven't already, please try a 
recent snapshot.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list