Fix for USE_POSIX_THREADS in auth-pam.c
Damien Miller
djm at mindrot.org
Fri Oct 31 08:14:53 EST 2003
On Fri, 2003-10-31 at 03:31, Steven Michaud wrote:
> Pam_krb5's pam_sm_setcred() function recovers and exports to disk the
> Kerberos credentials that were created in pam_sm_authenticate() (and
> stored to PAM's internal state by a call to pam_set_data()), then sets
> the KRB5CCNAME variable (in the PAM environment) to point to the cache
> file. You can trigger this by a call to do_pam_setcred() in OpenSSH.
> But it must be done while still in the child process where PAM
> authentication took place -- the internal state where the Kerberos
> credentials were stored (by pam_set_data()) is only present in the
> child, not in the parent.
What is to stop us from exporting state set by pam_set_data from the
child to the parent?
-d
More information about the openssh-unix-dev
mailing list