pam session in linux port

Pekka Savola pekkas at netcore.fi
Sun Jun 24 03:08:03 EST 2001


On Sat, 23 Jun 2001 mouring at etoh.eviladmin.org wrote:
> I never saw a response from Damien, and there is a nagging voice in the
> back of my mind about this topic, but for the life of me I can't find in
> the archives what it was.
>
> If it's agreed that it should be done as soon as sort out re-install
> issues under Linux I'll add it to both -HEAD and the 2.9 branch.
>
> As for any patch since 2.9 was released.  It seems most of us have gotten
> backed up, and I plan on going back through (about 40 some of emails
> patch suggestions that looked valid) and weeding through what should be
> applied to and what should be reworked and proposed to the OpenBSD team.

This has been in on and off.  The crux was that the pam session must be
initialized after fork etc. if you want the limits to be effective for
the user, not root, IIRC.

This in turn caused some trouble.

I recall the relevant commits were:

---
20010221
 - (stevesk) session.c: back out to where we were before:
    - (djm) Move PAM session initialisation until after fork in sshd. Patch
      from Nalin Dahyabhai <nalin at redhat.com>


20010214
 - (djm) Don't try to close PAM session or delete credentials if the
   session has not been open or credentials not set. Based on patch from
   Andrew Bartlett <abartlet at pcug.org.au>
 - (djm) Move PAM session initialisation until after fork in sshd. Patch
   from Nalin Dahyabhai <nalin at redhat.com>
---

Also, there's some discussion on the issue in Red Hat bugzilla:

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=25690
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=27692


So.. this definitely doesn't appear to be a trivial thing to "fix".

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
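
The ordering point in the message above, shown as an added example (not part of the original e-mail and not OpenSSH code): a resource limit set after fork() applies to the forked session process only and leaves the parent daemon's limits untouched. It assumes a limits module applies its settings with setrlimit() on the calling process; apply_session_limit() and limit_after_fork() are hypothetical names.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for the session-open step: lower the soft
 * open-files limit of the calling process (clamped to the hard limit). */
static int apply_session_limit(rlim_t soft)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (soft > rl.rlim_max) soft = rl.rlim_max;
    rl.rlim_cur = soft;
    return setrlimit(RLIMIT_NOFILE, &rl);
}

/* Fork, apply the limit in the child only, report what each side sees.
 * Returns 0 on success. */
int limit_after_fork(rlim_t want, rlim_t *child_soft,
                     rlim_t *parent_before, rlim_t *parent_after)
{
    struct rlimit rl;
    int fds[2];
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0 || pipe(fds) != 0) return -1;
    *parent_before = rl.rlim_cur;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: the user's session */
        rlim_t seen = (rlim_t)-1;
        close(fds[0]);
        if (apply_session_limit(want) == 0 &&
            getrlimit(RLIMIT_NOFILE, &rl) == 0)
            seen = rl.rlim_cur;
        if (write(fds[1], &seen, sizeof seen) != (ssize_t)sizeof seen)
            _exit(1);
        _exit(0);
    }
    close(fds[1]);                        /* parent: the daemon */
    ssize_t n = read(fds[0], child_soft, sizeof *child_soft);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof *child_soft) return -1;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    *parent_after = rl.rlim_cur;          /* unchanged by the child */
    return 0;
}
```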



