different PAM/ssh server-session sequences for root and regular users?
Darren Tucker
dtucker at zip.com.au
Tue Apr 6 18:57:30 EST 2004
Frank Mohr wrote:
> I just noticed different sequences of PAM/ssh-session calls.
> (env: OpenSSH 3.8p1 on Linux with PAM-0.75)
>
> The channel 0 (server-session) seems to be startet very early for root
> and and after the pam-session is started for regular users.
>
> As a result, regular users don't have a tty when the pam-session modules
> are called.
>
> Is this intended?
The difference is probably PrivilegeSeparation. Do the differences go
away if you run sshd with "UsePrivilegeSeparation no" ?
From memory, when root logs in there's no privsep process (no point),
and for normal users the pty is not allocated (via the monitor) until
quite late in the login process (after the PAM session modules run).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list