openssh-3.7.1p2: no pam_close_session() invocation
Dr. Carsten Benecke
Carsten.Benecke at rrz.uni-hamburg.de
Fri Sep 26 23:01:59 EST 2003
Hello,
I would like to use PAM. All PAM interaction worked well with openssh-3.5.
Now that I have tried to upgrade to 3.7.1p1/p2, the pam_close_session()
function won't get invoked. Some debugging shows that the call is
protected by an if-statement (module auth-pam.c, function sshpam_cleanup):
    if (sshpam_session_open) {
        pam_close_session(sshpam_handle, PAM_SILENT);
        /* cb, 26.09.03 */
        debug2("\n\nin sshpam_cleanup: mypid = %d\n\n", getpid());
        sshpam_session_open = 0;
    }
I guess that the forked child process that calls the sshpam_cleanup()
function is forked before the parent calls do_pam_session() (which sets
sshpam_session_open to true).
pam_close_session() will be invoked by removing the surrounding if-statement.
Is this a bug?
My changes to the default sshd_conf are:
72c72
< UsePAM yes
---
> #UsePAM yes
83c83
< UsePrivilegeSeparation no
---
> #UsePrivilegeSeparation yes
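Review bot: line 83 sets UsePrivilegeSeparation no, so the report covers only the configuration without privilege separation. It would help to state whether pam_close_session() is also skipped with the sample file's "#UsePrivilegeSeparation yes" left in place, since the forked-child explanation above depends on which process calls do_pam_session(). If privilege separation was turned off only to debug this, restore it afterwards.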
96c96
< #Subsystem sftp /local/libexec/sftp-server
---
> Subsystem sftp /local/libexec/sftp-server
By the way: This is a bug in the documentation: The default for UsePAM in
3.7.1p2 is "no" while "#UsePAM yes" implies the opposite.
Regards,
Carsten
--
Dr. Carsten Benecke, Regionales Rechenzentrum, Universität Hamburg,
Schlüterstr. 70, D-20146 Hamburg, Tel.: ++49 40 42838 3097,
Fax: ++49 40 42838 3096, mailto: Carsten.Benecke at rrz.uni-hamburg.de
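Added example, not part of the original post and not OpenSSH code: a small C model of the hypothesis in the message, that a child forked before do_pam_session() runs never sees sshpam_session_open set and so skips the guarded close. The *_stub functions, close_calls and closes_seen_by_child() are hypothetical stand-ins; no libpam is used.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-ins (assumptions) for the flag and calls named in the post. */
static int sshpam_session_open = 0;
static int close_calls = 0;      /* counts simulated pam_close_session() */

static void do_pam_session_stub(void) { sshpam_session_open = 1; }

static void sshpam_cleanup_stub(void)
{
    if (sshpam_session_open) {   /* same guard as quoted in the post */
        close_calls++;           /* would be pam_close_session() */
        sshpam_session_open = 0;
    }
}

/* Fork a child that runs the cleanup and return the number of close
 * calls it made (0 or 1), or -1 on error. */
int closes_seen_by_child(int open_before_fork)
{
    pid_t pid;
    int status;

    sshpam_session_open = 0;
    close_calls = 0;
    if (open_before_fork)
        do_pam_session_stub();
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {              /* child works on its own copy of the flag */
        sshpam_cleanup_stub();
        _exit(close_calls);
    }
    if (!open_before_fork)
        do_pam_session_stub();   /* parent-only update, never reaches child */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("opened after fork:  %d close call(s)\n", closes_seen_by_child(0));
    printf("opened before fork: %d close call(s)\n", closes_seen_by_child(1));
    return 0;
}
```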