PATCH: Public key authentication defeats passwd age warning.
Darren Tucker
dtucker at zip.com.au
Thu Sep 16 21:34:45 EST 2004
Thomas Gardner wrote:
> Below is a patch for this, but here's the verbal: To keep the basic
> limited prototyping model this code seems to be following, I moved
> do_pam_account() down below the definition of the function that I
> wanted to use for the conversation function (sshpam_store_conv()).
> Then, inside do_pam_account, I set PAM up with that conversation
> function just before it calls pam_acct_mgmt().
A similar change has already been made post-3.9p1 for similar reasons.
I'm wondering if we ought to set up a a catch-all conversation that
keeps track of the best available methods of interacting with the user
(eg start with store_conv, switch to interacting directly when PAM_TTY
gets set) rather than trying to figure it out from combinations of what
PAM functions we're calling and the use_privsep flag).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list