New PAM code landing (at last)

Frank Cusack fcusack at
Sun May 11 19:26:06 EST 2003

On Sun, May 11, 2003 at 08:29:28AM +0100, James Williamson wrote:
> I've scanned the code and the PAM stuff is actually broken despite the
> privileges.
> The credentials stage is actually called after the session stage which runs
> contra
> to what the linux pam docs specify (i.e. it should be done before).

What is the credentials stage?  pam_setcred()?

Both the the Sun docs (Solaris 9_u2):

     The pam_setcred() function is used to establish, modify,  or
     delete  user  credentials.  It is typically called after the
     user has been authenticated and after  a  session  has  been

and the Linux-PAM docs (Linux-PAM-0.72):

  This function is used to set the module-specific credentials of the
  user.  It is usually called after the user has been authenticated,
  after the account management function has been called and after a
  session has been opened for the user.

say that you call this after pam_open_session().


More information about the openssh-unix-dev mailing list