[Bug 926] pam_session_close called as user or not at all
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Jun 24 11:19:43 EST 2006
http://bugzilla.mindrot.org/show_bug.cgi?id=926
------- Comment #20 from dtucker at zip.com.au 2006-06-24 11:19 -------
(In reply to comment #19)
> I've been bitten by this bug as well. (Want to do custom session
> teardown as root. Currently, only "UseLogin yes" gets me there, but of
> course that costs me X11 forwarding.)
>
> I've applied patch 1143 to an openssh_cvs tree and tested on a
> Debian/unstable Linux system. My observations:
Firstly, thanks for testing.
> 1. pam_sm_{open,close}_session() are correctly invoked as root.
Cool.
> 2. Messages written to stdout/stderr in pam_sm_{open,close}_session()
> are not visible to the user logging in or out. (I don't know if this
> is by PAM's design or not.)
PAM modules should not be writing to stdout or stderr. If they have
something to say they should call the conversation function. (There's
a simple example here:
http://www.zip.com.au/~dtucker/patches/pam_echo.c, which is based on
pam_echo from OpenPAM.)
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list