[Bug 2425] New: sshd doesn't need to call setproject() when configured to use PAM on Solaris

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jul 7 07:06:19 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2425

            Bug ID: 2425
           Summary: sshd doesn't need to call setproject() when configured
                    to use PAM on Solaris
           Product: Portable OpenSSH
           Version: 6.9p1
          Hardware: Sparc
                OS: Solaris
            Status: NEW
          Severity: minor
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: brent.paulson at gmail.com

Created attachment 2661
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2661&action=edit
patch to limit setproject(3PROJECT) calls to non-PAM configurations

The OpenSSH bug:

1824 Added project(4) support for Solaris 10
https://bugzilla.mindrot.org/show_bug.cgi?id=1824

added code to call setproject(3PROJECT) on Solaris when
USE_SOLARIS_PROJECTS is defined.  The USE_SOLARIS_PROJECTS #define is
set when --with-solaris-projects is supplied to the configure script.

Ever since the introduction of projects in Solaris 9 a user's project
membership has been set by PAM.  As of Solaris 10, released in January
2005, the updating of a user's project information happens via
pam_unix_cred(5).  This PAM module must be present in all
authentication
PAM transactions and is part of all PAM stacks shipped with Solaris and
thus when PAM is configured for OpenSSH (--with-pam) it is not
necessary
to separately call setproject(3PROJECT).  In short, I'm suggesting
including '&& !defined(USE_PAM)' to the lines containing
'USE_SOLARIS_PROJECTS' in the portable OpenSSH source.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list