diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2004-12-03 14:33:47 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2004-12-03 14:33:47 +1100 |
| commit | c13866719fc39d5feebfb80ca251a7b31583d803 (patch) | |
| tree | 4c74232e227c89bf87b83eafcf2165a9aeaf7374 /auth2.c | |
| parent | 9c6bf325c0cf03fc40e87e51d165189dce07c594 (diff) | |
| download | openssh-git-c13866719fc39d5feebfb80ca251a7b31583d803.tar.gz | |
- (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is
subsequently denied by the PAM auth stack, send the PAM message to the
user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2).
ok djm@
Diffstat (limited to 'auth2.c')
| -rw-r--r-- | auth2.c | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -220,13 +220,14 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) #ifdef USE_PAM if (options.use_pam && authenticated) { if (!PRIVSEP(do_pam_account())) { - authenticated = 0; /* if PAM returned a message, send it to the user */ if (buffer_len(&loginmsg) > 0) { buffer_append(&loginmsg, "\0", 1); userauth_send_banner(buffer_ptr(&loginmsg)); - buffer_clear(&loginmsg); + packet_write_wait(); } + fatal("Access denied for user %s by PAM account " + "configuration", authctxt->user); } } #endif |