ssh and pam-script

Michal Nowikowski godfryd at gmail.com
Wed Jan 4 19:16:34 EST 2006


Hello

I've got a problem with pam-script and ssh. pam-script is a module for PAM
that enables execution of a given script when a PAM session opens and/or closes.
I am trying to use it with ssh when logging in and out: it works as a kind of
login and logout script.

PAM session creation is done in the function do_pam_session, which is invoked
by do_setusercontext, which is invoked by do_child. The do_child function
is invoked after fork. In the child process, the do_pam_session function sets
the global variable sshpam_session_open to remember that the session was opened.
After executing do_setusercontext and do_pam_session, do_child
does something and then invokes bash by execve. So at this moment the
child process was destroyed by bash and the sshpam_session_open variable
was lost, but it should be remembered elsewhere: in the parent. Then it would
be possible to retrieve the info that the session was opened and must be closed,
which is checked in sshpam_cleanup.

So in effect I am not able to use the logout script because sshd never knows
that the PAM session was created.

Could you help me with that? Maybe the configuration of sshd should be different
so that fork is not executed.

I use openssh 4.2p1-5 of Debian Sid.

Regards
Michał Nowikowski
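
The general fork/exec behaviour the message above relies on, as an added example that is not part of the original post and not OpenSSH code: a flag set in a forked child never reaches the parent unless the child reports it, here over a pipe. The names session_open, parent_view_flag_only and parent_view_with_pipe are hypothetical, and the exec of "true" stands in for starting the user's shell.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical per-process flag, standing in for "a session was opened". */
static int session_open;

/* Child sets the flag and then execs; returns what the parent sees. */
int parent_view_flag_only(void) {
    session_open = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        session_open = 1;                 /* changes only the child's copy */
        execlp("true", "true", (char *)NULL);
        _exit(127);                       /* reached only if exec failed */
    }
    waitpid(pid, NULL, 0);
    return session_open;                  /* parent's copy is untouched */
}

/* Same flow, but the child reports the state over a pipe before exec. */
int parent_view_with_pipe(void) {
    int fds[2];
    char opened = 0;
    session_open = 0;
    if (pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        close(fds[0]);
        opened = 1;
        if (write(fds[1], &opened, 1) != 1) _exit(126);
        close(fds[1]);
        execlp("true", "true", (char *)NULL);
        _exit(127);
    }
    close(fds[1]);
    /* Parent records the state so its own cleanup path can act on it. */
    if (read(fds[0], &opened, 1) == 1 && opened) session_open = 1;
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return session_open;
}

int main(void) {
    printf("flag only: %d, with pipe: %d\n",
           parent_view_flag_only(), parent_view_with_pipe());
    return 0;
}
```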


More information about the openssh-unix-dev mailing list