LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   PAM module's pam_echo messages are printed twice on console (https://www.linuxquestions.org/questions/linux-security-4/pam-modules-pam_echo-messages-are-printed-twice-on-console-4175732627/)

shootmadbeka 01-10-2024 03:19 AM
PAM module's pam_echo messages are printed twice on console
 
I'm using PAM (Pluggable Authentication Modules) for authentication in my Linux system and I'm encountering an issue where messages from pam_echo are being printed twice on the console.

Here's my PAM configuration:

Code:
auth    required      pam_echo.so test1
auth    required      pam_unix.so
auth    required      pam_echo.so test
account  optional      pam_echo.so test_account
account  sufficient    pam_unix.so
password required      pam_unix.so
session  required      pam_unix.so
# to prevent to not run systemd --user for root, use trick
session  sufficient    pam_succeed_if.so  uid = 0
session  required      pam_systemd.so
In this configuration, I'm using pam_echo to print some messages during the authentication process. However, each message is being printed twice on the console.

Additionally, if I initially input an incorrect password and then subsequently provide the correct one, the messages are displayed three times, which is not the expected behavior.

Interestingly, when I use the ssh -q command, which suppresses non-error messages, each message is displayed only once, as originally intended.

I've checked and confirmed that each pam_echo line in the configuration is only being executed once, so I'm not sure why the messages are being printed twice.

Does anyone know why this might be happening and how I can ensure that the messages are only printed once?

I attempted to SSH into a host using a test user, with the expectation that the messages from my PAM configuration would only appear once on the console. Here's the command I used:

Code:
ssh dummy@<host>
After entering the password, I expected to see the following output:

Code:
dummy@<host>'s password:
test1
test
test_account
[dummy@localhost /home/dummy]
#
However, the test1, test, and test_account messages were printed twice, as shown below:

Code:
dummy@<host>'s password:
test1
test
test_account
test1
test
test_account
[dummy@localhost /home/dummy]
#
I'm unsure why this is happening, as my PAM configuration should only print these messages once.


All times are GMT -5. The time now is 02:02 PM.