HAVE_LOGIN_CAP & USE_PAM [Was: What is print_pam_messages() used for ?
Ralf Hack
ralf.hack at pipex.net
Fri Jan 16 20:34:41 EST 2004
>Ralf Hack wrote:
>> midnight emailing typo: Replace HAVE_SETPCRED with HAVE_LOGIN_CAP
>>in my previous email. HAVE_LOGIN_CAP does have an #else branch and
>>it does have USE_PAM _only_ in the #else branch. Sorry for the
>>confusion.
>
>It would seem that if UsePam=yes, then pam_setcred should be used,
>otherwise setusercontext? Or should both be used when PAM is
>enabled?
>
>Previous thread:
>http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106924211427843
>
Sorry if I miss your question, not quite sure if I am with you yet.
My concern was that do_pam_session() does not get called on FreeBSD.
So I did patch the code to call both do_pam_session() and
do_pam_setcred(0) in a mirror to the other (#else) part. It is my
understanding of PAM and the involved functions, that calling
do_pam_setcred() often is a good thing. And there seem to be no
adverse effects since I start using this change on FreeBSD.
Ralf.
More information about the openssh-unix-dev
mailing list