Add explanation of PAM_TTY kludge
This commit is contained in:
parent
8b7c6af89e
commit
c19fd5f4e2
11
auth-pam.c
11
auth-pam.c
|
@ -34,7 +34,7 @@
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
|
|
||||||
RCSID("$Id: auth-pam.c,v 1.7 2000/06/18 04:07:04 djm Exp $");
|
RCSID("$Id: auth-pam.c,v 1.8 2000/06/22 11:44:54 djm Exp $");
|
||||||
|
|
||||||
#define NEW_AUTHTOK_MSG \
|
#define NEW_AUTHTOK_MSG \
|
||||||
"Warning: You password has expired, please change it now"
|
"Warning: You password has expired, please change it now"
|
||||||
|
@ -245,7 +245,14 @@ void start_pam(struct passwd *pw)
|
||||||
fatal("PAM initialisation failed: %.200s",
|
fatal("PAM initialisation failed: %.200s",
|
||||||
PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
|
PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Some PAM modules (e.g. pam_time) require a TTY to operate,
|
||||||
|
* and will fail in various stupid ways if they don't get one.
|
||||||
|
* sshd doesn't set the tty until too late in the auth process and may
|
||||||
|
* not even need one (for tty-less connections)
|
||||||
|
* Kludge: Set a fake PAM_TTY
|
||||||
|
*/
|
||||||
pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, "ssh");
|
pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, "ssh");
|
||||||
if (pam_retval != PAM_SUCCESS) {
|
if (pam_retval != PAM_SUCCESS) {
|
||||||
fatal("PAM set tty failed: %.200s",
|
fatal("PAM set tty failed: %.200s",
|
||||||
|
|
Loading…
Reference in New Issue