thr3ads.net - openssh bugs - [Bug 890] Allow users to see output from failing PAM session modules. [Jul 2004]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at mindrot.org

2004-Jul-03 08:54 UTC

[Bug 890] Allow users to see output from failing PAM session modules.

http://bugzilla.mindrot.org/show_bug.cgi?id=890

           Summary: Allow users to see output from failing PAM session
                    modules.
           Product: Portable OpenSSH
           Version: -current
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: PAM support
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: dtucker at zip.com.au


Because a failure in do_pam_session causes an immediate fatal(), the connection
exits uncleanly, eg, with the following PAM config:
session required pam_motd.so motd=/etc/mynologin
session required pam_deny.so

Attempting to log in will result in:
testuser at localhost's password:
Read from remote host localhost: Connection reset by peer
Connection to localhost closed.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at mindrot.org

2004-Jul-03 08:57 UTC

head link

[Bug 890] Allow users to see output from failing PAM session modules.

http://bugzilla.mindrot.org/show_bug.cgi?id=890





------- Additional Comments From dtucker at zip.com.au  2004-07-03 18:57 -------
Created an attachment (id=678)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=678&action=view)
If do_pam_session fails, end output to user then close session.

Patch to fix.  If a PAM session module fails, this is what happens:
$ ssh testuser at localhost
testuser at localhost's password:
No user logins right now.

Connection to localhost closed.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at mindrot.org

2004-Jul-04 01:21 UTC

head link

[Bug 890] Allow users to see output from failing PAM session modules.

http://bugzilla.mindrot.org/show_bug.cgi?id=890

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #678 is|0                           |1
           obsolete|                            |



------- Additional Comments From dtucker at zip.com.au  2004-07-04 11:21 -------
Created an attachment (id=679)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=679&action=view)
Make work for privsep=no too




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Maybe Matching Threads

Search for more possibly parallel threads

openssh bugs - Jul 2004 - [Bug 890] Allow users to see output from failing PAM session modules.

[Bug 890] Allow users to see output from failing PAM session modules.

[Bug 890] Allow users to see output from failing PAM session modules.

[Bug 890] Allow users to see output from failing PAM session modules.

Maybe Matching Threads