Add explanation of PAM_TTY kludge

This commit is contained in:
Damien Miller 2000-06-22 21:44:54 +10:00
parent 8b7c6af89e
commit c19fd5f4e2
1 changed files with 9 additions and 2 deletions

View File

@ -34,7 +34,7 @@
#include "xmalloc.h" #include "xmalloc.h"
#include "servconf.h" #include "servconf.h"
RCSID("$Id: auth-pam.c,v 1.7 2000/06/18 04:07:04 djm Exp $"); RCSID("$Id: auth-pam.c,v 1.8 2000/06/22 11:44:54 djm Exp $");
#define NEW_AUTHTOK_MSG \ #define NEW_AUTHTOK_MSG \
"Warning: You password has expired, please change it now" "Warning: You password has expired, please change it now"
@ -246,6 +246,13 @@ void start_pam(struct passwd *pw)
PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
} }
/*
* Some PAM modules (e.g. pam_time) require a TTY to operate,
* and will fail in various stupid ways if they don't get one.
* sshd doesn't set the tty until too late in the auth process and may
* not even need one (for tty-less connections)
* Kludge: Set a fake PAM_TTY
*/
pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, "ssh"); pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, "ssh");
if (pam_retval != PAM_SUCCESS) { if (pam_retval != PAM_SUCCESS) {
fatal("PAM set tty failed: %.200s", fatal("PAM set tty failed: %.200s",