search for: tty_conv

Hi All. Attached is a patch that converts pam_chauthtok_conv into a generic pam_tty_conv, which is used rather than null_conv for do_pam_session. This allows, for example, display of messages from PAM session modules. The accumulation of PAM messages into loginmsg won't help until there is a way to collect loginmsg from the monitor (see, eg, the patches for bug #463). This is b...

...sation function needs to do vastly different things at different points in the protocol. Instead of one enormous multi-mode function, sshd has what is probably a record number of different conversation functions (5, in the current development versions). One of these is a fairly generic "tty_conv" that interacts with the user directly on stdin/stdout and /dev/tty. Since the user doesn't get a pty until quite late in the login process, this function is only used for pam_chauthtok() in some cases, and always after sshd has forked to set up for the user's shell. The code fo...

...method. The new method (which does *not* interoperate with the deprecated "gssapi" method) provides proper validation of the session ID between the client and the server. Some of the highlights (more in the ChangeLog): - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv, and use it for do_pam_session. Fixes problems like pam_motd not displaying anything. ok djm@ - jakob at cvs.openbsd.org 2003/11/12 16:39:58 [dns.c dns.h readconf.c ssh_config.5 sshconnect.c] update SSHFP validation. ok markus@ - markus at cvs.openbsd.org 2003/11/17 11:06:07 [auth...

Hello there, We are using OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004 on various Solaris boxes with PAM and an LDAP server back end. Recently we have added a requirement for users to have complex passwords. The problem is, if a user's password has expired, when they log in they are prompted for a new password (good) but if they enter a non-complex new password the session is closed rather than