2.9.9p2 and Solaris-2.8 PAM: Cannot delete credentials[7]: Permission denied

[Darren Moffat]

>Darren, can you tell us why Sun decided to implement
>pam_sm_setcred(PAM_DELETE_CRED) the way they did in pam_unix.so?
>Shouldn't keylogout be run for PAM_USER and not the euid of the caller?

This was because of a limitation in the internal API between libnsl and
keyserv at the time pam_unix was written, this limitation has only
recenly gone away.

This will probably be fixed in the next release of Solaris but it is
not easy for us to backport it as a patch at this time (due to the nature
of the changes).

--
Darren J Moffat