PAM_AUTH_ERR messages

David Leonard davidl at
Sun May 1 01:58:03 EST 2005


> Sean wrote:
> > There seems to be no way for PAM to inform a user why her ssh login
> > attempt is being denied.   Niether PAM_TEXT_INFO or PAM_ERROR_MSG
> > conversation messages are passed on to the user by sshd unless the login
> > is successful.   This is causing great frustration for us at several sites
> > where users can't figure out why their logins aren't working.

I'm seeing the same problem being hit here. (4.0p1 keyboard-interactive)

Our pam module believes that calling through the pam_conv (during auth,
and just before returning PAM_AUTH_ERR) will display an important message
to the user. But it doesn't, and it causes confusion.

> > Would a patch be accepted to display such text even on login failure
> > with a couple second of delay afterward?  

I'd love to see a fix for it too, though I think adding a delay is unnecessary.

David Leonard
Resource Central software engineer
Vintela Inc.; Brisbane, Australia

More information about the openssh-unix-dev mailing list