[Bug 789] pam_setcred() not being called as root

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jan 15 23:28:24 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=789





------- Additional Comments From egmont at uhulinux.hu  2004-01-15 23:28 -------
Well, in the mean time I analyzed and debugged the source, and I also found
that pam_setcred() is being called twice. I can't really see its purpose either
and probably it might have strange side effects (e.g. I guess group membership
would be granted twice if it worked -- I didn't test it, it's just a guess.)

Furthermore it's strange that the first time (when it is called as root)
"reinitializing credentials" is logged and the second time (when it's called
as user) log says "establishing credentials", it seems to me that the order is
somehow swapped.

Before reading your comment here I created a very similar patch (attached here),
it works for me, groups are okay (I'm granted membership to my standard groups
(listed in /etc/group, initialized by openssh with an initgroups() call) as
well as to the additional (terminal-dependant, time-dependant etc.) groups
that are listed in /etc/security/group.conf (initialized by pam_group).




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list