PATCH: Public key authentication defeats passwd age warning.

Darren Tucker dtucker at
Thu Sep 16 21:34:45 EST 2004

Thomas Gardner wrote:
> Below is a patch for this, but here's the verbal:  To keep the basic
> limited prototyping model this code seems to be following, I moved
> do_pam_account() down below the definition of the function that I
> wanted to use for the conversation function (sshpam_store_conv()).
> Then, inside do_pam_account, I set PAM up with that conversation
> function just before it calls pam_acct_mgmt().

A similar change has already been made post-3.9p1 for similar reasons.

I'm wondering if we ought to set up a a catch-all conversation that 
keeps track of the best available methods of interacting with the user 
(eg start with store_conv, switch to interacting directly when PAM_TTY 
gets set) rather than trying to figure it out from combinations of what 
PAM functions we're calling and the use_privsep flag).

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list