PAM_AUTH_ERR messages

Sean seanlkml at
Sun May 1 02:22:22 EST 2005

On Sat, April 30, 2005 11:58 am, David Leonard said:

Hi David,

> I'm seeing the same problem being hit here. (4.0p1 keyboard-interactive)
> Our pam module believes that calling through the pam_conv (during auth,
> and just before returning PAM_AUTH_ERR) will display an important message
> to the user. But it doesn't, and it causes confusion.

Yes exactly.  It's interesting that the PAM module works just as expected
with telnetd.  openssh just handles it differently.

> I'd love to see a fix for it too, though I think adding a delay is
> unnecessary.

Perhaps it could be configurable.  The only reason for the suggestion is
that some clients (Putty in this case)  are configured to auto close the
window on disconnection.   The idea was to make sure the user had time to
read the message, but a "press enter to continue..." type thing would work


More information about the openssh-unix-dev mailing list