diff options
| author | Tom Lane | 2009-10-16 22:09:16 +0000 |
|---|---|---|
| committer | Tom Lane | 2009-10-16 22:09:16 +0000 |
| commit | 4ce82365d08bc472267a41798973da28925a1fa0 (patch) | |
| tree | 981e7a88275330e90de8f779a60b220228e6b085 /doc/FAQ_DEV | |
| parent | f0e92290587b1536b80dc4a79e67cb9b541e9acb (diff) | |
Rewrite pam_passwd_conv_proc to be more robust: avoid assuming that the
pam_message array contains exactly one PAM_PROMPT_ECHO_OFF message.
Instead, deal with however many messages there are, and don't throw error
for PAM_ERROR_MSG and PAM_TEXT_INFO messages. This logic is borrowed from
openssh 5.2p1, which hopefully has seen more real-world PAM usage than we
have. Per bug #5121 from Ryan Douglas, which turned out to be caused by
the conv_proc being called with zero messages. Apparently that is normal
behavior given the combination of Linux pam_krb5 with MS Active Directory
as the domain controller.
Patch all the way back, since this code has been essentially untouched
since 7.4. (Surprising we've not heard complaints before.)
Diffstat (limited to 'doc/FAQ_DEV')
0 files changed, 0 insertions, 0 deletions