[Bug 2876] New: PAM_TEXT_INFO and PAM_ERROR_MSG conversation not honoured during PAM authentication

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Jun 12 18:57:41 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2876

            Bug ID: 2876
           Summary: PAM_TEXT_INFO and PAM_ERROR_MSG conversation not
                    honoured during PAM authentication
           Product: Portable OpenSSH
           Version: 7.7p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: PAM support
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bugs at mrvanes.com

I built a PAM module which only responsibility is sending a challenge
to the end-user in the form of a (unique) url. No input is required,
nor appreciated.

openssh however, discards all conversation of type PAM_TEXT_INFO and
PAM_ERROR_MSG until the PAM module returns control. All conversation of
type PAM_PROMPT_ECHO_[ON|OFF] is honoured, but I don't want the user to
need to enter something, not even <enter> before returning the
authentication result.

I know displaying messages of type PAM_ERROR_MSG is frowned upon and
regarded as leaking information, but PAM_TEXT_INFO is there for a
reason. Please reconsider displaying them, without the need for user
interaction.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list