PAM_AUTH_ERR messages

Sean seanlkml at
Sun May 1 17:35:59 EST 2005

On Sat, April 30, 2005 9:50 pm, Darren Tucker said:

> In that case, 4.0p1 already does what you want.  If the session module
> fails, the messages are accumulated, sent down the session and the
> session closed (this is how /etc/nologin works too).

Yes you're right about the upgrade solving the problem.   And in fact the
custom PAM module that we made was based on the original pam nologin

We also had to set "UsePrivilegeSeparation no", which we tweaked on
because of what you said in your first reply.

So for our RHEL 4 server, we had to write a custom PAM module and do a
non-standard openssh upgrade, just so users can know why they've been
denied login.  Pretty bad really, but your help made it easier to get
through,  thanks.


More information about the openssh-unix-dev mailing list