Regarding PAM_TTY_KLUDGE and Solaris 8...

Markus Friedl markus at openbsd.org
Fri Oct 26 22:11:13 EST 2001


On Fri, Oct 26, 2001 at 10:14:21AM +1000, Damien Miller wrote:
> On Thu, 25 Oct 2001, Ed Phillips wrote:
> 
> > What is the reasoning behind this?  Do we want to see a lastlog entry for
> > "ssh" whenever a user runs remote command?  Do other OSes have
> > pam_open_session that does more meaningful things than Solaris 8?
> > Well...  I guess the more I think about it, it's probably better to go
> > ahead an call pam_open_session even for the non-interactive case since
> > someone might want to implement a PAM module at their site that logs every
> > ssh connection... and if we don't call pam_open_session, then they don't
> > even have that capability if they wanted it.
> 
> Some people set rlimits using session modules. Someone even filed a Bugtraq
> report about it.

is this the right way?

isn't this an abuse of the PAM module? (perhaps file a Bugtraq report...)



More information about the openssh-unix-dev mailing list