Working with PAM stages

Carl Jenkins cjenkins5614 at gmail.com
Fri Aug 2 04:00:03 AEST 2019


Hi,

I’m trying to develop a PAM module with OpenSSH, and I realized I need to
retrieve something in a later stage that was saved in another previous
stage. As far as my tests on OpenSSH 7.6 go, the password auth route goes
through PAM auth, account, session, and the session stage is in a different
UNIX process from the process where auth and account take place. For the
key auth route, the auth stage is bypassed in favor of the AuthorizedKeys or
AuthorizedKeysCommand (in its own process) mechanisms, while PAM account
and session stages are in the same process. Is this correct?

I’m aware of https://bugzilla.mindrot.org/show_bug.cgi?id=2548, which
corresponds to the password route. The key route doesn’t seem to agree with it.
Regardless, I haven’t seen fixes around it.

And in either auth route, what do the two processes share uniquely for the
same login attempt, like a session ID that I can extract?

Best,
Carl

