pam session in linux port

mouring at etoh.eviladmin.org
Sun Jun 24 02:59:29 EST 2001


Yep, you hit the nail on the head. This is what was the nagging voice.
It's horrible when you have mailing list messages scattered over multiple
mailboxes. <sigh>

However, my understanding was that either PAM was now (as of 2.9) handled
as a fake BSD-AUTH, or was going to be handled that way, and that would
assist in most of this problem.

- Ben

On Sat, 23 Jun 2001, Pekka Savola wrote:

> On Sat, 23 Jun 2001 mouring at etoh.eviladmin.org wrote:
> > I never saw a response from Damien, and there is a nagging voice in the
> > back of my mind about this topic, but for the life of me I can't find in
> > the archives what it was.
> >
> > If it's agreed that it should be done, as soon as I sort out re-install
> > issues under Linux I'll add it to both -HEAD and the 2.9 branch.
> >
> > As for any patch since 2.9 was released, it seems most of us have gotten
> > backed up, and I plan on going back through (about 40-some emails of
> > patch suggestions that looked valid) and weeding through what should be
> > applied and what should be reworked and proposed to the OpenBSD team.
>
> This has been in on and off.  The crux was that the pam session must be
> initialized after fork etc. if you want the limits to be effective for
> the user, not root, IIRC.
>
> This in turn caused some trouble.
>
> I recall the relevant commits were:
>
> ---
> 20010221
>  - (stevesk) session.c: back out to where we were before:
>     - (djm) Move PAM session initialisation until after fork in sshd. Patch
>       from Nalin Dahyabhai <nalin at redhat.com>
>
>
> 20010214
>  - (djm) Don't try to close PAM session or delete credentials if the
>    session has not been open or credentials not set. Based on patch from
>    Andrew Bartlett <abartlet at pcug.org.au>
>  - (djm) Move PAM session initialisation until after fork in sshd. Patch
>    from Nalin Dahyabhai <nalin at redhat.com>
> ---
>
> Also, there's some discussion on the issue in Red Hat bugzilla:
>
> http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=25690
> http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=27692
>
>
> So.. this definitely doesn't appear to be a trivial thing to "fix".
>
> --
> Pekka Savola                 "Tell me of difficulties surmounted,
> Netcore Oy                   not those you stumble over and fall"
> Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
>
>
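
The ordering issue Pekka describes comes down to resource limits being per-process and inherited across fork(), so whichever process runs the session setup is the one that carries the limits. The following is an added illustration, not code from OpenSSH or from this thread: setrlimit() stands in for what a PAM limits module does during session open, and the names nofile, run_case and scope_result are hypothetical.

```c
/* Constructed demo, not OpenSSH code: setrlimit() stands in for a PAM session module. */
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

struct scope_result { rlim_t parent_before, child_seen, parent_after; };

/* Return the soft fd limit; if lower != 0, first lower it (hypothetical session setup). */
static rlim_t nofile(int lower)
{
    struct rlimit rl = {0, 0};
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && lower) {
        rl.rlim_cur = rl.rlim_cur > 64 ? 64 : rl.rlim_cur - 1;
        setrlimit(RLIMIT_NOFILE, &rl);
        getrlimit(RLIMIT_NOFILE, &rl);        /* report what the kernel now holds */
    }
    return rl.rlim_cur;
}

/* before_fork=1: set up in the daemon, then fork. before_fork=0: fork, then set up. */
int run_case(int before_fork, struct scope_result *out)
{
    int fds[2];
    pid_t pid;
    if (pipe(fds) != 0) return -1;
    out->parent_before = nofile(0);
    if (before_fork) nofile(1);               /* the daemon changes its own limits */
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {                           /* child: stands in for the user's session */
        rlim_t seen = nofile(!before_fork);
        _exit(write(fds[1], &seen, sizeof seen) == (ssize_t)sizeof seen ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &out->child_seen, sizeof out->child_seen);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    out->parent_after = nofile(0);            /* what the daemon is left with */
    return n == (ssize_t)sizeof out->child_seen ? 0 : -1;
}

int main(void)
{
    struct scope_result r;
    for (int before = 0; before <= 1; before++)
        if (run_case(before, &r) == 0)
            printf("setup %s fork: daemon %llu -> %llu, session %llu\n", before ? "before" : "after",
                   (unsigned long long)r.parent_before, (unsigned long long)r.parent_after,
                   (unsigned long long)r.child_seen);
    return 0;
}
```

With setup after fork, only the session process is restricted and the daemon keeps its original limit; with setup before fork, the daemon itself is left running under the lowered limit.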



