HAVE_LOGIN_CAP & USE_PAM [Was: What is print_pam_messages() used for ?

Ralf Hack ralf.hack at pipex.net
Fri Jan 16 20:34:41 EST 2004

>Ralf Hack wrote:
>>  midnight emailing typo: Replace HAVE_SETPCRED with HAVE_LOGIN_CAP 
>>in my previous email. HAVE_LOGIN_CAP does have an #else branch and 
>>it does have USE_PAM _only_ in the #else branch. Sorry for the 
>It would seem that if UsePam=yes, then pam_setcred should be used, 
>otherwise setusercontext?  Or should both be used when PAM is 
>Previous thread:

Sorry if I miss your question, not quite sure if I am with you yet.

My concern was that do_pam_session() does not get called on FreeBSD. 
So I did patch the code to call both do_pam_session() and 
do_pam_setcred(0) in a mirror to the other (#else) part.  It is my 
understanding of PAM and the involved functions, that calling 
do_pam_setcred() often is a good thing. And there seem to be no 
adverse effects since I start using this change on FreeBSD.


More information about the openssh-unix-dev mailing list