[Bug 969] early setpcred() stomps on PAM
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Jan 5 13:08:32 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=969
Summary: early setpcred() stomps on PAM
Product: Portable OpenSSH
Version: 3.9p1
Platform: All
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: dleonard at vintela.com
The early call to setpcred() in do_setusercontext() seems to drop the euid to
the user's uid on AIX5.1. This stops the future call to initgroups() from
working if setpcred() doesn't get the supplementary group list right. Which it
doesn't with PAM.
The symptoms are a 'successful' login, but the session exits immediately, with
sshd logging "initgroups: Permission denied".
setpcred() must still be called at some stage to correctly set up the process
rlimits and auditing class. I found that moving it to the end of
do_setusercontext() works.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list