Add explanation of PAM_TTY kludge

author: Damien Miller <djm@mindrot.org> 2000-06-22 21:44:54 +1000
committer: Damien Miller <djm@mindrot.org> 2000-06-22 21:44:54 +1000
commit: c19fd5f4e25f58af35cbede8a442ed3965e32eb0 (patch)
tree: 9e9447364c72efc5a73cc07bf6eca0ce74ee50cf
parent: 8b7c6af89ec12e392877dc90f4c84f13d8100577 (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/auth-pam.c b/auth-pam.c
index 8ceb26917..da8c50d8d 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -34,7 +34,7 @@
 #include "xmalloc.h"
 #include "servconf.h"
-RCSID("$Id: auth-pam.c,v 1.7 2000/06/18 04:07:04 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.8 2000/06/22 11:44:54 djm Exp $");
 #define NEW_AUTHTOK_MSG \
        "Warning: You password has expired, please change it now"
@@ -245,7 +245,14 @@ void start_pam(struct passwd *pw)
                fatal("PAM initialisation failed: %.200s", 
                        PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
        }
-        
+        /*
+         * Some PAM modules (e.g. pam_time) require a TTY to operate,
+         * and will fail in various stupid ways if they don't get one. 
+         * sshd doesn't set the tty until too late in the auth process and may
+         * not even need one (for tty-less connections)
+         * Kludge: Set a fake PAM_TTY 
+         */
        pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, "ssh");
        if (pam_retval != PAM_SUCCESS) {
                fatal("PAM set tty failed: %.200s",
author	Damien Miller <djm@mindrot.org>	2000-06-22 21:44:54 +1000
committer	Damien Miller <djm@mindrot.org>	2000-06-22 21:44:54 +1000
commit	c19fd5f4e25f58af35cbede8a442ed3965e32eb0 (patch)
tree	9e9447364c72efc5a73cc07bf6eca0ce74ee50cf
parent	8b7c6af89ec12e392877dc90f4c84f13d8100577 (diff)