pam session
Andrew Bartlett
abartlet at pcug.org.au
Sat Jun 23 22:04:17 EST 2001
Jim Breton wrote:
>
> On Tue, Jun 19, 2001 at 03:11:02AM +0200, Christian Kraemer wrote:
> > This is espacially anoying if you
> > use pam_limits.so to set rlimits. Every user could
> > cirrcumvent them easily by calling ssh in this way:
> > ssh user at server /bin/sh
>
> Interestingly, Debian 2.2's openssh (1:1.2.3-9.3) does enforce rlimits
> somehow, not sure if it was specifically patched to do this or perhaps
> the older version just does not have this problem.
>
> Just an FYI, while messing with this I also notice that the SSH_CLIENT
> and SSH_TTY environment variables are not being set, and no authlog
> message is generated. (Neither of these problems exist in the Debian
> build.)
Yep, there has been some major regregression in this area (IMHO)
compared with previous releases. Both the pam session stuff and some
other logging seemed to get dropped.
Andrew Bartlett
--
Andrew Bartlett
abartlet at pcug.org.au
abartlet at samba.org
More information about the openssh-unix-dev
mailing list