This is actually something I had on my mind to write about in the past few -stable and alpha releases, but did not get to and instead always patched myself. Now having updated to the latest snapshot (which may be released as beta1), I stumbled on it again:

In src/auth/passdb-pam.c, where the client host is passed to PAM, the code looks like this:

#ifdef PAM_RHOST const char *host = net_ip2addr(&request->remote_ip); if (host != NULL) pam_set_item(pamh, PAM_RHOST, host); #endif

For some reason there is a preprocessor/compile-time check whethere there exists such a preprocessor symbol as the PAM item PAM_RHOST (why check that? IIRC PAM_RHOST is standard and in all PAM implementations).

However, PAM_RHOST (or other PAM items, for that matter), are not preprocessor symbols in all PAM implementations. For example, in OpenPAM (the PAM implementation used on FreeBSD >= 5.0, among others; FreeBSD 4 used Linux-PAM), PAM items are elements of an enum, and thus this check fails, and the client host is not passed to PAM.

Since it can be defined in several ways, I do not see how to check for it other than using a compilation test (in autoconf) and then defining something like HAVE_PAM_RHOST in config.h. However I do not see why check for it at all, so I propose to remove that #ifdef. Tiny patch attached for that.

Cheers, -- Tom

-- Tom Alsberg - hacker (being the best description fitting this space) Web page: http://www.cs.huji.ac.il/~alsbergt/ DISCLAIMER: The above message does not even necessarily represent what my fingers have typed on the keyboard, save anything further.