Bug 1028

Summary: sshd does not forward final non-query conversations to client during pam auth
Product: Portable OpenSSH Reporter: David Leonard <David.Leonard>
Component: PAM supportAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: normal CC: t8m
Priority: P2    
Version: 4.0p1   
Hardware: All   
OS: All   
URL: http://www.mindrot.org/pipermail/openssh-unix-dev/2005-May/023157.html
Bug Depends on:    
Bug Blocks: 1047    
Attachments:
Description Flags
send output from pam modules as info text none

Description David Leonard 2005-05-02 13:08:27 AEST 
When a PAM auth module calls through the pam_conv to display a non-prompt
message just before it returns PAM_AUTH_ERR,  sshd gets the message text and
appends it to a banner buffer to be sent later at session startup.

The problem is that because authentication fails, the buffer is never sent,
meaning the important message from the auth module never makes it to the user
client.
Comment 1 Darren Tucker 2005-05-02 16:06:08 AEST 
Created attachment 894 [details]
send output from pam modules as info text

Please try this patch (against -current but may apply to earlier versions). 
I'm not sure it does the right thing in all cases, though, so it want looking
at pretty carefully.
Comment 2 Darren Tucker 2005-07-14 13:57:00 AEST 
Does the attached patch fix the issue you're seeing?
Comment 3 David Leonard 2005-07-14 14:07:48 AEST 
(In reply to comment #2)
> Does the attached patch fix the issue you're seeing?

Yes. It has been in the vintela-openssh patches for about 2 months now and seems
pretty stable.
Comment 4 Darren Tucker 2005-07-14 14:40:28 AEST 
In that case unless there are any objections I will apply it to the main tree. 
Thanks.
Comment 5 Darren Tucker 2005-09-30 10:56:15 AEST 
Patch in attachment #894 [details] has been applied to both -HEAD and 4.2 branch.  Thanks all.
Comment 6 Darren Tucker 2006-10-07 11:40:01 AEST 
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.