[PATCH] Set KRB5PRINCIPAL in user environment

Jakub Jelen jjelen at redhat.com
Sat Mar 17 00:54:38 AEDT 2018


On Fri, 2018-03-16 at 19:07 +1030, David Newall wrote:
> > There is no reply about this demand since the firt proposition
> > has  if nobody in dev team cares about it :(
> 
> I'm curious about the first section of the diff, which exports 
> SSH_GSSAPI_DISPLAYNAME to PAM.  Is that useful?  Am I right that the
> PAM 
> environment forms no part of the client session?  Does PAM not work
> for GSS?

Yes, the PAM environment is separate from the environment, where the
new user session is created.

PAM works fine with GSS, but you might have PAM modules, that might use
this variable to do some further decisions while setting user session,
but I do not see if this is used in practice anywhere at this moment.

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.


More information about the openssh-unix-dev mailing list