
Re: PAM Error: couldn't get the tty name



Hi,

I had the same problem with an ICA / Citrix server. The pam_access
module does not accept any authentication attempt if it cannot
determine the TTY, which in my opinion makes no sense if the from
field in access.conf is set to ALL. Thus I patched the pam_access
file. With this patch the configuration in /etc/pam.conf or /etc/pam.d/whatever-service
can be given the additional argument unknown_tty=some_string
and the module will use some_string if it cannot determine the
TTY. Here are the diffs; you can apply them with cd Linux-PAM-0.77
and patch -p 1 < my_patch. Then rebuild the RPM.

--- Linux-PAM-0.77/modules/pam_access/pam_access.c Fri Jul 2 12:36:22 2004 +++ Linux-PAM-0.77.paf/modules/pam_access/pam_access.c Fri Aug 13 17:05:59 2004
@@ -87,6 +87,7 @@

static const char *fs = ":";            /* field separator */
static const char sep[] = ", \t";        /* list-element separator */
+static const char *utty = NULL;            /* unknown TTY allowed */

 /* Constants to be used in assignments only, not in comparisons... */

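Review bot: `utty` is a file-scope static holding a per-invocation option, and nothing in this patch resets it, so once one call passes unknown_tty= the value stays set for later calls of the module in the same process that omit the option. Reset it to NULL before the arguments are parsed, or pass it through per-call state instead of a global. The comment "unknown TTY allowed" also reads like a flag, while the variable holds the substitute tty string.
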
@@ -141,6 +142,10 @@
        return 0;
        }
+ } else if (!strncmp("unknown_tty=", argv[i], 12)) {
+        /* unknown TTY is set to given string */
+        utty = argv[i] + 12;
+
    } else {
        _log_err("unrecognized option [%s]", argv[i]);
    }
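Review bot: `unknown_tty=` with nothing after the equals sign is accepted by the new `else if` branch, which leaves `utty` pointing at an empty but non-NULL string, so the fallback in the third hunk would use "" as the tty. Reject an empty value with `_log_err`, as the unrecognized-option branch does. The literal 12 is better written as sizeof("unknown_tty=") - 1 so the prefix and its length cannot drift apart, and the new option needs an entry in the module's documentation.
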
@@ -439,8 +440,12 @@
            D(("PAM_TTY not set, probing stdin"));
        from = ttyname(STDIN_FILENO);
        if (from == NULL) {
-            _log_err("couldn't get the tty name");
-            return PAM_ABORT;
+        if (utty) {
+            from = utty;
+        } else {
+             _log_err("couldn't get the tty name");
+            return PAM_ABORT;
+        }
         }
        if (pam_set_item(pamh, PAM_TTY, from) != PAM_SUCCESS) {
            _log_err("couldn't set tty name");
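
Review bot: the new `if (utty)` branch inside `if (from == NULL)` turns a fail-closed PAM_ABORT into a silent substitution: nothing is logged when the fallback is taken, and the configured string is then stored as PAM_TTY by the `pam_set_item` call that follows, where it is indistinguishable from a real terminal name. Log that the tty could not be determined and that the unknown_tty value is being used, and document that the value is what gets matched against the origin field in access.conf. The added `if`/`else` lines sit at the same indentation as the enclosing `if (from == NULL) {` and should be one level deeper. The new-file start in the hunk header (+440) also does not account for the five lines added by the two earlier hunks.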

Regards,

Albert




