conversation function for pam_acct_mgmt failing?

Brian Parent bparent at calvin.ucsd.edu
Tue Nov 16 17:57:28 EST 2004


I'm trying to use PAM on Solaris 8 with sshd (openssh 3.9p1) to run
the pam_acct_mgmt function and give some feedback to the user
if/when their account doesn't meet the necessary local requirements.

Things work fine when I use rlogin, i.e. a user gets authenticated
by typing in their password, and if their account has been suspended
(locally written programs maintain a database which a pam module checks),
they receive a nice message that tells them why their login failed.  
When I use sshd, the functionality is correct (logins fail after authentication
if account is suspended), except that the message to the user never makes it
to their screen.  I've used debugging to show that the message does make it 
to the conversation function, but the message never prints out.

I found some archived email to this list with:

 Subject:  PATCH: Public key authentication defeats passwd age warning.

that sounds like it is closely related from Sep. 2004, but applying the
patch found there hasn't helped my situation.  I tried forcing the use
of various conversation functions, (sshpam_store_conv, sshpam_tty_conv,
sshpam_passwd_conv) but can't get anything to print to the users
terminal.

I've seen other posts which suggest that using posix_threads may work,
but only if all other modules are thread-safe, and that this is not
the preferred workaround.

I'm running out of things to try, hence this post.




More information about the openssh-unix-dev mailing list