2.9.9p2 bug in PAM support

Andrew Bartlett abartlet at pcug.org.au
Tue Oct 2 00:04:42 EST 2001


Nicolas Williams wrote:
> 
> Perhaps OpenSSH should use a different PAM_SERVICE name for non-tty
> sessions so its PAM stack could be configured differently than for tty
> sessions.
> 
> This may not be possible, if OpenSSH's sshd doesn't know what kind of
> session to run when it calls pam_start(). Is this so?

Indeed, this is unknown at the time pam_start() is called.
 
> Alternatively, using 'ssh' as the PAM_TTY might do, but then, should
> pam_close_session() be called right away after pam_open_session()?

Why?

> Nico
> 
> On Sat, Sep 29, 2001 at 09:57:48AM +1000, Andrew Bartlett wrote:
> > There are a number of bugs in some PAM modules (pam_time.so notably)
> > where they really object when you don't give them a TTY.  This define
> > just makes OpenSSH give 'ssh' as the tty.
> >
> > (The OpenSSH team are really in a bind here, as they have one group of
> > people - like me - who want those session modules used, and another
> > group for whom it locks them out.  As you noted the previous version
> > changed in your favor, but it was changed back on complaints from other
> > users and a 'discussion' on BugTraq).
> >
> > Hope this helps,
> >
> > Andrew Bartlett
> >
> > --

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Samba Team member, Build Farm maintainer        abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net



More information about the openssh-unix-dev mailing list