[Bug 789] pam_setcred() not being called as root
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Jan 16 13:24:25 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=789
------- Additional Comments From dtucker at zip.com.au 2004-01-16 13:24 -------
Reset-after-initgroups is the first call (in do_setusercontext), and it already
runs as root.
I can imagine there could be credentials that would not require root to obtain
but could need the tty (I'm thinking Kerberos tickets, but I don't know it that
well and could be wrong).
We could make that call to pam_setcred non-fatal if not called as root, or not
call it at all if privsep is on?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list