[Bug 918] ssh_gssapi_storecreds called to late to be usable by PAM in sesion.c

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Sep 11 20:02:17 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=918





------- Additional Comments From dtucker at zip.com.au  2004-09-11 20:02 -------
sshd.c calls do_setusercontext() to set up the post-auth privsep credentials,
and do_setusercontext has the pam_setcred() calls.  The second call to
do_setusercontext in session.c is a no-op for the privsep case (ie if uid != 0
&& euid != 0).

I whacked some debugs in at the #ifdef GSSAPI points and gssapi_storecreds(),
the interesting bits are:

debug3: PAM: opening session
debug2: User child is on pid 5313
debug3: mm_request_receive entering
debug1: PAM: reinitializing credentials
debug1: permanently_set_uid: 500/500
[...]
debug3: GSSAPI: ssh_gssapi_storecreds()
debug1: PAM: setting PAM_TTY to "/dev/pts/2"




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list