Deleting root credentials
Darren Tucker
dtucker at zip.com.au
Wed Jun 14 15:51:18 EST 2006
Senthil Kumar wrote:
> I'm using OpenSSH 4.3 compiled with PAM support. Im using a proprietary PAM
> module for my Authentication. When the root user logs out, it throws a
> message "pam_setcred : Pemission denied" in syslog. The PAM engineer told me
> that the module can't delete root users credentials. Instead he is asking me
> to skip the call pam_setcred() in sshpam_cleanup() in auth-pam.c for root
> user.
You can try the patch #1143 in [1], which attempts to fix this for
regular users when privsep=yes. I think it will also help for root when
privsep=yes, but I'm not 100% sure. It won't help if privsep=no.
> Is this is the right way?
Not really, but fixing this for the general case is not trivial (see the
discussion in [1]).
> Is there any impact with this?
Depends on what your PAM modules actually do... presumably the authors
of your modules would be able to say for certain.
[1] http://bugzilla.mindrot.org/show_bug.cgi?id=926
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list