[Bug 926] pam_session_close called as user or not at all

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Jun 24 11:19:43 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=926





------- Comment #20 from dtucker at zip.com.au  2006-06-24 11:19 -------
(In reply to comment #19)
> I've been bitten by this bug as well. (Want to do custom session
> teardown as root. Currently, only "UseLogin yes" gets me there, but of
> course that costs me X11 forwarding.)
> 
> I've applied patch 1143 to an openssh_cvs tree and tested on a
> Debian/unstable Linux system. My observations:

Firstly, thanks for testing.

> 1. pam_sm_{open,close}_session() are correctly invoked as root.

Cool.

> 2. Messages written to stdout/stderr in pam_sm_{open,close}_session()
> are not visible to the user logging in or out. (I don't know if this
> is by PAM's design or not.)

PAM modules should not be writing to stdout or stderr.  If they have
something to say they should call the conversation function.  (There's
a simple example here:
http://www.zip.com.au/~dtucker/patches/pam_echo.c, which is based on
pam_echo from OpenPAM.)




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list