Re: PAM Error: couldn't get the tty name

• Previous message: Osamu Aoki: "Re: apache2 and php4"
• Next in thread: TDSCAF: "Re: PAM Error: couldn't get the tty name"
• Maybe reply: TDSCAF: "Re: PAM Error: couldn't get the tty name"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Fri, 13 Aug 2004 17:40:49 +0200
To: agraham@array.ca

Hi,

i had the same problem with an ICA / Citrix server. The pam_access
module does not accept any authentication attempt, if it cannot
determine the TTY, what makes in my opinion no sense, if the from
field in access.conf is set to ALL. Thus i patched the pam_access
file. WIth this patch the configuration in /etc/pam.conf or
/etc/pam.d/whatever-service
can be given the additional argument unknown_tty=some_string
and the module will use some_string if it cannot determine the
TTY. Here's the diffs, you can apply it cd Linux-PAM-0.77
and patch -p 1 < my_patch. Then rebuild the RPM.

--- Linux-PAM-0.77/modules/pam_access/pam_access.c Fri Jul 2
12:36:22 2004
+++ Linux-PAM-0.77.paf/modules/pam_access/pam_access.c Fri Aug 13
17:05:59 2004
@@ -87,6 +87,7 @@
 
 static const char *fs = ":"; /* field separator */
 static const char sep[] = ", \t"; /* list-element separator */
+static const char *utty = NULL; /* unknown TTY allowed */
 
  /* Constants to be used in assignments only, not in comparisons... */
 
@@ -141,6 +142,10 @@
         return 0;
         }
        
+ } else if (!strncmp("unknown_tty=", argv[i], 12)) {
+ /* unknown TTY is set to given string */
+ utty = argv[i] + 12;
+
     } else {
         _log_err("unrecognized option [%s]", argv[i]);
     }
@@ -439,8 +440,12 @@
             D(("PAM_TTY not set, probing stdin"));
         from = ttyname(STDIN_FILENO);
         if (from == NULL) {
- _log_err("couldn't get the tty name");
- return PAM_ABORT;
+ if (utty) {
+ from = utty;
+ } else {
+ _log_err("couldn't get the tty name");
+ return PAM_ABORT;
+ }
          }
         if (pam_set_item(pamh, PAM_TTY, from) != PAM_SUCCESS) {
             _log_err("couldn't set tty name");

Regards,

 Albert

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• Previous message: Osamu Aoki: "Re: apache2 and php4"
• Next in thread: TDSCAF: "Re: PAM Error: couldn't get the tty name"
• Maybe reply: TDSCAF: "Re: PAM Error: couldn't get the tty name"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: PAM Error: couldnt get the tty name ... i had the same problem with an ICA / Citrix server. ... module does not accept any authentication attempt, ... determine the TTY, what makes in my opinion no sense, if the from ... (Debian-User) Re: [PATCH] tty races ... >> There are a couple of tty race conditions, ... > a) we have lock_kernelcoverage and the down's sleeping breaks the ... The patch was written for case a. ... (Linux-Kernel) [PATCH] Fix pc300_tty.c -> implement tiocmset/tiocmget (fwd) ... This patch fixes pc300_tty.c, ... attached patch implements tiocmset/tiocmget methods on the ... pc300_tty.c driver, which is the new method tty drivers are supposed to ... This fixes two related issues in the ioctl handler: ... (Linux-Kernel) [PATCH] Fix IXANY and restart after signal (e.g. ctrl-C) in n_tty line discipline ... See patch below for more details. ... Fix two N_TTY line discipline issues related to resuming a stopped TTY ... Fix handling of character that resumes a stopped TTY ... With "stty -ixany", interrupt signals were ignored ... (Linux-Kernel) [PATCH] (*revised*) Fix IXANY and restart after signal (e.g. ctrl-C) in n_tty line discipline ... Here is a revised version of my patch, currently in the -mm kernel as ... Fix two N_TTY line discipline issues related to resuming a stopped TTY ... Fix handling of character that resumes a stopped TTY ... (Linux-Kernel)