pam session in linux port
Andrew Bartlett
abartlet at pcug.org.au
Sun Jun 24 10:01:44 EST 2001
Pekka Savola wrote:
>
> On Sat, 23 Jun 2001 mouring at etoh.eviladmin.org wrote:
> > I never saw a response from Damien, and there is a nagging voice in the
> > back of my mind about this topic, but for the life of me I can't find in
> > the archives what it was.
> >
> > If it's agreed that it should be done as soon as sort out re-install
> > issues under Linux I'll add it to both -HEAD and the 2.9 branch.
> >
> > As for any patch since 2.9 was released. It seems most of us have gotten
> > backed up, and I plan on going back through (about 40 some of emails
> > patch suggestions that looked valid) and weeding through what should be
> > applied to and what should be reworked and proposed to the OpenBSD team.
>
> This has been in on and off. The crux was that the pam session must be
> initialized after fork etc. if you want the limits to be effective for
> the user, not root, IIRC.
>
> This in turn caused some trouble.
>
> I recall the relevant commits were:
>
> ---
> 20010221
> - (stevesk) session.c: back out to where we were before:
> - (djm) Move PAM session initialisation until after fork in sshd. Patch
> from Nalin Dahyabhai <nalin at redhat.com>
>
> 20010214
> - (djm) Don't try to close PAM session or delete credentials if the
> session has not been open or credentials not set. Based on patch from
> Andrew Bartlett <abartlet at pcug.org.au>
> - (djm) Move PAM session initialisation until after fork in sshd. Patch
> from Nalin Dahyabhai <nalin at redhat.com>
> ---
>
> Also, there's some discussion on the issue in Red Hat bugzilla:
>
> http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=25690
> http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=27692
>
> So.. this definitely doesn't appear to be a trivial thing to "fix".
We run it for exec_pty(), just not for exec_no_pty(), so it's not actually
related. Both are called at the same 'level' of the code, just
with/without a pty.
Andrew Bartlett
abartlet at pcug.org.au
--
Andrew Bartlett
abartlet at pcug.org.au
abartlet at samba.org
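
The point in the quoted message about initialising the PAM session after fork, as an added example that is not part of the original thread or of OpenSSH: resource limits are per-process, so a limit applied in the forked child binds the session process and leaves the parent's limit unchanged. `apply_session_limit` is a hypothetical stand-in that calls setrlimit() directly where a limits module would act during pam_open_session(); the value 16 is constructed.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a limits module run from pam_open_session():
 * lowers the soft RLIMIT_NOFILE of whichever process calls it. */
static int apply_session_limit(rlim_t soft)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    rl.rlim_cur = soft;               /* soft limit must stay <= hard limit */
    return setrlimit(RLIMIT_NOFILE, &rl);
}

static long current_soft_limit(void)
{
    struct rlimit rl;
    return getrlimit(RLIMIT_NOFILE, &rl) == 0 ? (long)rl.rlim_cur : -2;
}

/* Fork, apply the limit in the child only, and return the soft limit the
 * child ends up with. The parent's limit after the child exits is stored
 * in *parent_after so the caller can compare the two. */
static long limit_seen_by_child(rlim_t soft, long *parent_after)
{
    int fds[2];
    long child_val = -2;
    if (pipe(fds) != 0)
        return -2;
    pid_t pid = fork();
    if (pid < 0)
        return -2;
    if (pid == 0) {                   /* child: the user's session process */
        close(fds[0]);
        if (apply_session_limit(soft) == 0)
            child_val = current_soft_limit();
        if (write(fds[1], &child_val, sizeof child_val) != (ssize_t)sizeof child_val)
            _exit(1);
        _exit(0);
    }
    close(fds[1]);                    /* parent: the long-lived daemon side */
    if (read(fds[0], &child_val, sizeof child_val) != (ssize_t)sizeof child_val)
        child_val = -2;
    close(fds[0]);
    waitpid(pid, NULL, 0);
    *parent_after = current_soft_limit();
    return child_val;
}

int main(void)
{
    long parent_after, child = limit_seen_by_child(16, &parent_after);
    printf("child soft limit: %ld, parent soft limit: %ld\n", child, parent_after);
    return 0;
}
```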