No TTY prealloc; Tru64 can't do post-auth privsep
Chris Adams
cmadams at hiwaay.net
Sat Jun 29 00:00:57 EST 2002
Once upon a time, Ben Lindstrom <mouring at etoh.eviladmin.org> said:
> can I get the manpages for the sia_*() functions used?
http://www.tru64unix.compaq.com/docs/base_doc/DOCUMENTATION/V51A_HTML/MAN/MAN3/0695____.HTM
For general info on the SIA architecture (which is kind of like PAM):
http://www.tru64unix.compaq.com/docs/base_doc/DOCUMENTATION/V51A_HTML/ARH95DTE/CSPRGXXX.HTM
which is part of
http://www.tru64unix.compaq.com/docs/base_doc/DOCUMENTATION/V51A_HTML/ARH95DTE/TITLE.HTM
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
> On Thu, 27 Jun 2002, Chris Adams wrote:
> > Well, after digging around and thinking some more, I'm giving up on the
> > idea of preallocating a TTY to get post-auth privsep working on Tru64.
> > I don't think it will work, because just allocating a TTY doesn't fix
> > the problem - there's no valid way to tie that TTY back to the client
> > process (because it hasn't requested a TTY yet and may not ever do so).
> > The problem is that the Tru64 session setup routines may require a TTY
> > for interaction with the client (changing expired passwords for example)
> > or for notifying the client that the account is locked, expired, etc.
> > The interactive cases obviously don't work on non-TTY logins right now,
> > but I don't want to break them for the TTY cases too where they
> > currently work.
> >
> > Just add Tru64 to the set of platforms that can't do post-auth privsep
> > (I still don't think it should be flagged as BROKEN_FD_PASSING because
> > FD passing does work on Tru64, but whatever).
More information about the openssh-unix-dev
mailing list