[Bug 2425] New: sshd doesn't need to call setproject() when configured to use PAM on Solaris
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Jul 7 07:06:19 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2425
Bug ID: 2425
Summary: sshd doesn't need to call setproject() when configured
to use PAM on Solaris
Product: Portable OpenSSH
Version: 6.9p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: minor
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: brent.paulson at gmail.com
Created attachment 2661
--> https://bugzilla.mindrot.org/attachment.cgi?id=2661&action=edit
patch to limit setproject(3PROJECT) calls to non-PAM configurations
The OpenSSH bug:
1824 Added project(4) support for Solaris 10
https://bugzilla.mindrot.org/show_bug.cgi?id=1824
added code to call setproject(3PROJECT) on Solaris when
USE_SOLARIS_PROJECTS is defined. The USE_SOLARIS_PROJECTS #define is
set when --with-solaris-projects is supplied to the configure script.
Ever since the introduction of projects in Solaris 9 a user's project
membership has been set by PAM. As of Solaris 10, released in January
2005, the updating of a user's project information happens via
pam_unix_cred(5). This PAM module must be present in all
authentication
PAM transactions and is part of all PAM stacks shipped with Solaris and
thus when PAM is configured for OpenSSH (--with-pam) it is not
necessary
to separately call setproject(3PROJECT). In short, I'm suggesting
including '&& !defined(USE_PAM)' to the lines containing
'USE_SOLARIS_PROJECTS' in the portable OpenSSH source.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list