2.9.9p2 bug in PAM support
Andrew Bartlett
abartlet at pcug.org.au
Sat Sep 29 09:57:48 EST 2001
Brent A Nelson wrote:
>
> With OpenSSH 2.9.9p2 as the server, I'm not able to do scp or "ssh
> machinename command" in general to any of my Suns!
>
> I tracked this down a bit; the problem occurs only when PAM support is
> enabled. However, if I remove line 430 of session.c,
> "do_pam_session(s->pw->pw_name, NULL);" inside of do_exec_no_pty, the
> problem goes away.
>
> It looks like the following entry in the Changelog may be responsible:
>
> 20010627
> - (djm) Reintroduce pam_session call for non-pty sessions.
>
> Let me know if you need any additional info to track this down.
What happens if you define PAM_TTY_KLUDGE and recompile?
There are a number of bugs in some PAM modules (pam_time.so notably)
where they really object when you don't give them a TTY. This define
just makes OpenSSH give 'ssh' as the tty.
(The OpenSSH team are really in a bind here, as they have one group of
people - like me - who want those session modules used, and another
group for whome it locks them out. As you noted the previous version
changed in your favor, but it was changed back on complaints from other
users and a 'discussion' on BugTraq).
Hope this helps,
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Samba Team member, Build Farm maintainer abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the openssh-unix-dev
mailing list