PAM merge from FreeBSD
Frank Cusack
fcusack at fcusack.com
Fri Jan 10 16:49:43 EST 2003
On Fri, Jan 10, 2003 at 12:44:51PM +1100, Damien Miller wrote:
> It also has support for POSIX threads, which is needed (I'm told) for
> modules like pam_krb5. I have tested this with my basic PAM config, but
> the patch doesn't include the configure glue to make it work.
Having written a pam_krb5 myself, I find this hard to believe. The
krb5 libs themselves do not have any thread support are not thread-safe.
The PAM library itself does not even support threads (each thread must have
it's own PAM handle). Besides, sshd is single-threaded.
Having not looked at the patch, though, I shouldn't be so quick to slam it.
I like the idea of only doing PAM via kbdint, but that's not going to work
for a very large number of people.
/fc
More information about the openssh-unix-dev
mailing list