What is print_pam_messages() used for ?

Ralf Hack ralf.hack at pipex.net
Fri Jan 16 21:14:25 EST 2004

>Ralf Hack wrote:
>>I will try it. However, the messages are created in 
>>do_pam_account()->pam_acct_mgmt(). Unlike other parts, this one 
>>does not have a conversation function installed. Therefore, I doubt 
>>that you will receive these messages in the first place.
>For sshv2, do_pam_account is called by sshpam_thread which has 
>already set the conversation function to sshpam_thread_conv, so the 
>messages should go to the keyboard-interactive device.  Currently, 
>however, the messages returned with the failure will not, since the 
>kbdint conversation ends as soon as the authentication fails.  I'm 
>not sure what to do about that.

The user is allowed to change his/her own password. Naturally, that 
implies the authentication has gone through successfully.

I am considering to patch the code using the same conversation 
function  in do_pam_account that is used in do_pam_session 
(tty_conv). In your considered opinion, will that work ?


More information about the openssh-unix-dev mailing list