search for: sshpam_null_conv

Openssh 5.0p1 on HPUX 11.23. Here is the message: Jun 15 13:21:28 a300sua0 sshd[10798]: pam_setcred: error Permission denied See http://www.docs.hp.com/en/T1471-90033/ch01s06.html We track the issue to sshpam_cleanup() which resets the conversation function pointer to sshpam_null_conv() before calling pam_setcred with PAM_DELETE_CRED. sshpam_null_conv() always just returns PAM_CONV_ERR. It seems HPUX PAM module then decided to call the conversation function (not sure why), and gets this error. Is it possible/advisable to (maybe use #ifdef) move the pam_set_item call to after t...

...AM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: dtucker at zip.com.au At the moment, output from the PAM account modules is discarded in some cases. This is because if the user hasn't gone through one of the PAM auth methods (eg if they used publickey) then the sshpam_null_conv conversation function is still used. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...onnect with SSHv1 with an account that has an expired password, the code above will be called, and the debug messages will be sent to the client (since stdin/stdout is connected to the pty). Here's the output from the client: Password: Response: debug1: PAM: changing password debug3: PAM: sshpam_null_conv entering, 2 messages PAM: pam_chauthtok(): Authentication token manipulation error debug1: do_cleanup Connection to localhost closed. Despite pam_set_item claiming to succeed (it must have returned PAM_SUCCESS otherwise fatal() would have been called), tty_conv is *not* called by PAM, the previ...