thr3ads.net - openssh unix dev - [Bug 188] New: pam_chauthtok() is called too late [Mar 2002]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at mindrot.org

2002-Mar-26 22:24 UTC

[Bug 188] New: pam_chauthtok() is called too late

http://bugzilla.mindrot.org/show_bug.cgi?id=188

           Summary: pam_chauthtok() is called too late
           Product: Portable OpenSSH
           Version: 3.1p1
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: Nicolas.Williams at ubsw.com


When pam_acct_mgmt() returns PAM_NEW_AUTHTOK_REQD pam_chauthtok()
must be the next PAM function called. That is, pam_chauthtok() MUST
be called before pam_open_session() and before
pam_setcred(PAM_ESTABLISH_CRED).

The point is: if the user's password is expired then the login process
cannot
proceed too far before password changing is attempted.

This bug applies, or should apply, to any implementation of PAM. Thus I selected
"All" for the OS to which this bug applies.

Cheers,

Nico



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Possibly Parallel Threads

Search for more apparently analagous threads

openssh unix dev - Mar 2002 - [Bug 188] New: pam_chauthtok() is called too late

[Bug 188] New: pam_chauthtok() is called too late

Possibly Parallel Threads

Wisdom of the Ancients