What is print_pam_messages() used for ?
Ralf Hack
ralf.hack at pipex.net
Fri Jan 16 21:14:25 EST 2004
>Ralf Hack wrote:
>[snapshots]
>>I will try it. However, the messages are created in
>>do_pam_account()->pam_acct_mgmt(). Unlike other parts, this one
>>does not have a conversation function installed. Therefore, I doubt
>>that you will receive these messages in the first place.
>
>For sshv2, do_pam_account is called by sshpam_thread which has
>already set the conversation function to sshpam_thread_conv, so the
>messages should go to the keyboard-interactive device. Currently,
>however, the messages returned with the failure will not, since the
>kbdint conversation ends as soon as the authentication fails. I'm
>not sure what to do about that.
The user is allowed to change his/her own password. Naturally, that
implies the authentication has gone through successfully.
I am considering to patch the code using the same conversation
function in do_pam_account that is used in do_pam_session
(tty_conv). In your considered opinion, will that work ?
Ralf.
More information about the openssh-unix-dev
mailing list