openssh-3.7p1+ and PAM on OS X

Nick Lane-Smith nickls at apple.com
Fri Nov 12 08:14:47 EST 2004


Hello list,

Bug 688 is causing me a massive headache on OS X.

The fact that each PAM authentication takes place in a separate process 
means the PAM context data isn't shared and therefore prevents the 
passing of data between modules. (pam_set_data, and pam_get_data)

Compiling with pthreads isn't really an option because of the added 
security risk and the fact that some of the PAM modules are not thread 
safe and would be troublesome to make thread safe.

Storing the data in the environment really isn't an option, as it is 
sensitive.

Is there another solution that you could suggest?

How do you plan to fix 688?
does the fix have an ETA?

Cheers,
-Nick

Also, PAM support in 3.9p1 is completely broken on OS X. (I'm still 
investigating)

http://bugzilla.mindrot.org/show_bug.cgi?id=688




More information about the openssh-unix-dev mailing list