search for: do_pam_set_conv

...orked for me as well. In any case, the following change appears to address the problem: diff -ru openssh-2.9.9p2_orig/auth-pam.c openssh-2.9.9p2/auth-pam.c --- openssh-2.9.9p2_orig/auth-pam.c Mon Apr 23 14:38:37 2001 +++ openssh-2.9.9p2/auth-pam.c Mon Oct 29 15:32:08 2001 @@ -272,6 +272,12 @@ do_pam_set_conv(&conv); +#ifdef PAM_SUN_CODEBASE + if (ttyname == NULL) { + ttyname = ""; + } +#endif /* PAM_SUN_CODEBASE */ + if (ttyname != NULL) { debug("PAM setting tty to \"%.200s\"", ttyname); pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname); Obviously that ex...

...pired passwd can login and is not prompted to change their password. NOTE: "pam_setcred: error Permission denied" errors are still issued when exiting a session. *** auth-pam.c- Mon Feb 25 18:36:04 2002 --- auth-pam.c Tue Feb 26 10:05:31 2002 *************** *** 297,304 **** do_pam_set_conv(&conv); debug("PAM establishing creds"); ! pam_retval = pam_setcred(__pamh, ! init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED); if (pam_retval != PAM_SUCCESS) { if (was_authenticated) fatal("PAM setcred fa...

...with solaris 8) with the pam.conf entry: sshd auth sufficient /usr/lib/security/$ISA/pam_unix.so.1 sshd auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass *** auth-pam.c- Mon Feb 25 18:36:04 2002 --- auth-pam.c Tue Feb 26 10:05:31 2002 *************** *** 297,304 **** do_pam_set_conv(&conv); debug("PAM establishing creds"); ! pam_retval = pam_setcred(__pamh, ! init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED); if (pam_retval != PAM_SUCCESS) { if (was_authenticated) fatal("PAM setcred failed...

...tval, PAM_STRERROR(__pamh, pam_retval)); } + if (session_opened) + return; /*Be idempotent so we can be called in monitor and child*/ pam_retval = pam_open_session(__pamh, 0); if (pam_retval != PAM_SUCCESS) fatal("PAM session setup failed[%d]: %.200s", @@ -304,6 +306,8 @@ do_pam_set_conv(&conv); + if (init&&creds_set) + return; /*be idempotent so we can be called in monitor and child*/ debug("PAM establishing creds"); pam_retval = pam_setcred(__pamh, init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED); diff -u -r1.1.1.1 monitor.c --- monitor.c 24...

...ible patch for the problem is given below: *** auth-pam.c Tue Apr 24 00:08:37 2001 --- auth-amrita.c Tue Nov 6 22:58:46 2001 *************** *** 203,208 **** --- 203,209 ---- { extern ServerOptions options; int pam_retval; + int flags=0; do_pam_set_conv(&conv); *************** *** 217,223 **** __pampasswd = password; pamstate = INITIAL_LOGIN; ! pam_retval = do_pam_authenticate(0); if (pam_retval == PAM_SUCCESS) { debug("PAM Password authentication accepted for " "user \"%...

...name); + pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set tty failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); + } +} + /* Set PAM credentials */ void do_pam_setcred(int init) { @@ -344,17 +354,15 @@ do_pam_set_conv(&conv); if (password_change_required) { - if (use_privsep) - fatal("Password changing is currently unsupported" - " with privilege separation"); pamstate = OTHER; pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (pam_retval != PAM_SUCC...

----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's

...name); + pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set tty failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); + } +} + /* Set PAM credentials */ void do_pam_setcred(int init) { @@ -344,17 +354,15 @@ do_pam_set_conv(&conv); if (password_change_required) { - if (use_privsep) - fatal("Password changing is currently unsupported" - " with privilege separation"); pamstate = OTHER; pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (pam_retval != PAM_SUCC...

...-1 || len > sizeof(buf)) + fatal("pam_send: message too long"); + mstr = xstrdup(buf); + if (ctxt->pam_pid != 0) + debug2("to child: %d bytes", len); + r = send(ctxt->pam_sock, mstr, len + 1, MSG_EOR); + free(mstr); + return (r); +} - conv2.appdata_ptr = authctxt; - do_pam_set_conv(&conv2); +/* + * Peek at first byte of next message. + */ +static int +pam_peek(struct pam_ctxt *ctxt) +{ + char ch; - dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, - &input_userauth_info_response_pam); - retval = (do_pam_authenticate(0) == PAM_SUCCESS); - dispatch_set(SSH2_MSG_USERAUT...

...== -1 || len >= sizeof(buf)) + fatal("sshpam_send: message too long"); + mstr = xstrdup(buf); + if (ctxt->pid != 0) + debug2("to child: %d bytes", len); + r = send(ctxt->sock, mstr, len + 1, MSG_EOR); + free(mstr); + return (r); +} - conv2.appdata_ptr = authctxt; - do_pam_set_conv(&conv2); +/* + * Peek at first byte of next message. + */ +static int +sshpam_peek(struct sshpam_ctxt *ctxt) +{ + char ch; - dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, - &input_userauth_info_response_pam); - retval = (do_pam_authenticate(0) == PAM_SUCCESS); - dispatch_set(SSH2_MSG_...

...n == -1 || len > sizeof(buf)) + fatal("sshpam_send: message too long"); + mstr = xstrdup(buf); + if (ctxt->pid != 0) + debug2("to child: %d bytes", len); + r = send(ctxt->sock, mstr, len + 1, MSG_EOR); + free(mstr); + return (r); +} - conv2.appdata_ptr = authctxt; - do_pam_set_conv(&conv2); +/* + * Peek at first byte of next message. + */ +static int +sshpam_peek(struct sshpam_ctxt *ctxt) +{ + char ch; - dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, - &input_userauth_info_response_pam); - retval = (do_pam_authenticate(0) == PAM_SUCCESS); - dispatch_set(SSH2_MSG_...