PAM merge from FreeBSD
Dag-Erling Smorgrav
des at ofug.org
Thu Feb 27 06:42:49 EST 2003
Frank Cusack <fcusack at fcusack.com> writes:
> The PAM stuff runs in the priv part. You communicate to the unpriv part
> via a socket. Why bother with threads? The thread is just an added
> complication. OK, it avoids having to grab control of the main loop
> from within the conversation function, but I just wonder if there's
> another way to do this.
There is no other way with privsep (BTW, the code can use a separate
process instead of threads, but then you lose context sharing which
may prevent some modules from working)
> I mean, you're still stuck in the conv.
> function until the info response comes back, anyway. How do (will)
> you handle restarting the authentication (client sends USERAUTH_REQUEST
> instead of USERAUTH_INFO_RESPONSE)?
That is a separate issue which neither the old nor the new code address.
DES
--
Dag-Erling Smorgrav - des at ofug.org
More information about the openssh-unix-dev
mailing list