search for: message_cat

...annot delete credentials[%d]: %.200s", pam_retval, PAM_STRERROR(__pamh, pam_retval)); } +#endif if (__pamh) { pam_retval = pam_end(__pamh, pam_retval); @@ -256,10 +257,8 @@ case PAM_SUCCESS: /* This is what we want */ break; -#if 0 case PAM_NEW_AUTHTOK_REQD: - message_cat(&__pam_msg, use_privsep ? - NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG); + message_cat(&__pam_msg, NEW_AUTHTOK_MSG); /* flag that password change is necessary */ password_change_required = 1; /* disallow other functionality for now */ @@ -267,7 +266,6 @@ no_agent_forw...

...shd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: don.sudom at dahlt.com Expired accounts fail with "PAM rejected by account configuration" error message. I noticed that this functionality has been disabled in auth-pam.c #if 0 case PAM_NEW_AUTHTOK_REQD: message_cat(&__pam_msg, use_privsep ? NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG); /* flag that password change is necessary */ password_change_required = 1; /* disallow other functionality for now */ no_port_forwarding_flag |= 2; no_agent_forwarding_flag |= 2; no_x11_forwarding_fla...

...p1. Among other changes, we would like to know specifically the reasons for the commented part of the PAM account expiration part in auth-pam.c. Why this part of the code is not used in 3.5p1? Is there any specific reasons for not using this part of the code? #if 0 case PAM_NEW_AUTHTOK_REQD: message_cat(&__pam_msg, use_privsep ? NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG); /* flag that password change is necessary */ password_change_required = 1; /* disallow other functionality for now */ no_port_forwarding_flag |= 2; no_agent_forwarding_flag |= 2; no_x11_forwarding_fla...

...ion" to do these tests. Here is the piece of code I'm talking about: switch (pam_retval) { case PAM_SUCCESS: /* This is what we want */ break; #if 0 case PAM_NEW_AUTHTOK_REQD: message_cat(&__pam_msg, use_privsep ? NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG); /* flag that password change is necessary */ password_change_required = 1; /* disallow other functionality for now */...

...+ packet_put_cstring(""); /* Instructions */ + packet_put_cstring(""); /* Language */ packet_put_int(context_pam2.num_expected); @@ -96,12 +103,7 @@ continue; context_pam2.prompts[j++] = i; - if (text) { - message_cat(&text, PAM_MSG_MEMBER(msg, i, msg)); - packet_put_cstring(text); - text = NULL; - } else - packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg)); + packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg)); packet_put_char(style == PAM_PROMPT_ECHO_O...

...annot delete credentials[%d]: %.200s", pam_retval, PAM_STRERROR(__pamh, pam_retval)); } +#endif if (__pamh) { pam_retval = pam_end(__pamh, pam_retval); @@ -256,10 +257,8 @@ case PAM_SUCCESS: /* This is what we want */ break; -#if 0 case PAM_NEW_AUTHTOK_REQD: - message_cat(&__pam_msg, use_privsep ? - NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG); + message_cat(&__pam_msg, NEW_AUTHTOK_MSG); /* flag that password change is necessary */ password_change_required = 1; /* disallow other functionality for now */ @@ -267,7 +266,6 @@ no_agent_forw...

...esp[i]->resp = pam_receive(ctxt); + break; + case PAM_PROMPT_ECHO_ON: + pam_send(ctxt, "P%s", msg[i]->msg); + resp[i]->resp = pam_receive(ctxt); break; - case PAM_TEXT_INFO: case PAM_ERROR_MSG: - default: - /* Capture all these messages to be sent at once */ - message_cat(&text, PAM_MSG_MEMBER(msg, i, msg)); + /*pam_send(ctxt, "e%s", msg[i]->msg);*/ break; + case PAM_TEXT_INFO: + /*pam_send(ctxt, "i%s", msg[i]->msg);*/ + break; + default: + goto fail; } } + return (PAM_SUCCESS); + fail: + while (i) + free(resp[--i]);...

...t;resp = sshpam_receive(ctxt); + break; + case PAM_PROMPT_ECHO_ON: + sshpam_send(ctxt, "P%s", msg[i]->msg); + resp[i]->resp = sshpam_receive(ctxt); break; - case PAM_TEXT_INFO: case PAM_ERROR_MSG: - default: - /* Capture all these messages to be sent at once */ - message_cat(&text, PAM_MSG_MEMBER(msg, i, msg)); + /*sshpam_send(ctxt, "e%s", msg[i]->msg);*/ break; + case PAM_TEXT_INFO: + /*sshpam_send(ctxt, "i%s", msg[i]->msg);*/ + break; + default: + goto fail; } } - - if (context_pam2.num_expected == 0) - return PAM_SUC...

...t;resp = sshpam_receive(ctxt); + break; + case PAM_PROMPT_ECHO_ON: + sshpam_send(ctxt, "P%s", msg[i]->msg); + resp[i]->resp = sshpam_receive(ctxt); break; - case PAM_TEXT_INFO: case PAM_ERROR_MSG: - default: - /* Capture all these messages to be sent at once */ - message_cat(&text, PAM_MSG_MEMBER(msg, i, msg)); + /*sshpam_send(ctxt, "e%s", msg[i]->msg);*/ + break; + case PAM_TEXT_INFO: + /*sshpam_send(ctxt, "i%s", msg[i]->msg);*/ break; + default: + goto fail; } } - - if (context_pam2.num_expected == 0) - return PAM_SUC...

...t password_change_required = 0; +extern int password_change_required; /* remember whether the last pam_authenticate() succeeded or not */ static int was_authenticated = 0; @@ -256,7 +256,6 @@ case PAM_SUCCESS: /* This is what we want */ break; -#if 0 case PAM_NEW_AUTHTOK_REQD: message_cat(&__pam_msg, use_privsep ? NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG); @@ -267,7 +266,6 @@ no_agent_forwarding_flag |= 2; no_x11_forwarding_flag |= 2; break; -#endif default: log("PAM rejected by account configuration[%d]: " "%.200s", pam_re...

Hi, I'm using openssh3.1p1 and I'm having some problem with password aging with ssh protocol 2. Every time a password expires and I try to login I get the following message ssh username at hostname username at hostname's password: Warning: Your password has expired, please change it now Enter login password: removing root credentials would break the rpc services that use secure rpc