[Bug 926] pam_session_close called as user or not at all

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Aug 23 22:03:07 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=926





------- Comment #23 from t8m at centrum.cz  2006-08-23 22:03 -------
(In reply to comment #22)
> (In reply to comment #21)
> > The patch causes a regression with pam_krb5 module.
> > See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201341
> 
> Thanks for giving it a spin in Fedora.  Does this particular problem
> also occur with PrivSep=no?

I don't think that this occurs with privsep disabled.

> > As I said above I think that the only correct solution which would
> > solve all cases (privsep yes/no, root/regular user) would be to add
> > another fork before the setuid calls and shell process exec.
> 
> Would there be any downside to setting KRB5CCNAME in the parent too?

I don't know of any however note that with privsep disabled or when
called as root the pam_session_close still won't be called correctly.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-bugs mailing list