Christos Zoulas wrote: 
> You need to modify openpam_ttyconv.c

I am inclined to agree. It currently simply prompts to stdout and reads
stdin, and it surprises me that ThinkSec AS and Network Associates Labs
The Security Research Division of NAI did not think a little longer about
that, or at least read getpass.3. I believe it should use /dev/tty.

However, I am not sure I know enough about applicable standards or
requirements for compatibility with other PAM implementations to just
dive in and change it. The change would not conflict with the man page
openpam_ttyconv.3, as the page is simply silent on the whole question
(which also strikes me as a bug). If it is to be changed, it should
surely be passed upstream.

-Chap