[Bug 926] pam_session_close called as user or not at all

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Jun 23 20:48:12 EST 2006


------- Comment #17 from dtucker at zip.com.au  2006-06-23 20:48 -------
(In reply to comment #16)
> as the pam code has changed a lot, I wonder if you could please
> summarize the stat of the art?

Changes since when?  We've been trying for incremental improvements for
a while...

> Which process will call which pam function and how is this related to
> the privsep settings?

This patch is not in the main code yet, but with it applied and
privsep=yes, the monitor will call both pam_session_open() and
pam_session_close() and will, I believe, solve the problem you

With the patch applied and privsep=no, pam_session_open() will be
called by the process that later exec's the user's shell (I'm not sure
pam_session_close() is called at all because the "session open" flag
isn't set in the parent... that's one of the next things to look at.)

Confirmation of whether or not it actually fixes your problem would be

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list