Displaying 4 results from an estimated 4 matches for "pam_chauthtok_conv".
2003 Sep 23
5
PAM sessions and conversation functions
In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function,
do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2,
this is no longer the case: session modules run with a conversation
function that just returns PAM_CONV_ERR. This means that simple session
modules whose job involves printing text on the user's terminal no
longer work: pam_lastlog, pam_mail, and
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
Hi All.
Attached is a patch that converts pam_chauthtok_conv into a generic
pam_tty_conv, which is used rather than null_conv for do_pam_session.
This allows, for example, display of messages from PAM session modules.
The accumulation of PAM messages into loginmsg won't help until there is
a way to collect loginmsg from the monitor (see, eg, the patch...
2003 Oct 28
2
Privilege separation
...7 @@
sshpam_free_ctx
};
+#ifndef DISABLE_PRIVSEP
KbdintDevice mm_sshpam_device = {
"pam",
mm_sshpam_init_ctx,
@@ -507,6 +508,7 @@
mm_sshpam_respond,
mm_sshpam_free_ctx
};
+#endif /* DISABLE_PRIVSEP */
/*
* This replaces auth-pam.c
@@ -673,8 +675,10 @@
pam_conv.conv = pam_chauthtok_conv;
pam_conv.appdata_ptr = NULL;
+#ifndef DISABLE_PRIVSEP
if (use_privsep)
fatal("Password expired (unable to change with privsep)");
+#endif /* DISABLE_PRIVSEP */
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
(const void *)&pam_conv);
if (sshpam_err != PAM_SUCCES...
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes
PAM authentication take place in a separate process or thread
(launched from sshpam_init_ctx() in auth-pam.c). By default (if you
don't define USE_POSIX_THREADS) the code "fork"s a separate process.
Or if you define USE_POSIX_THREADS it will create a new thread (a
second one, in addition to the primary thread).
The