[Bug 926] pam_session_close called as user or not at all

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon May 22 21:16:27 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=926





------- Comment #12 from dtucker at zip.com.au  2006-05-22 21:16 -------
NO(In reply to comment #11)
> On the first look the current patch seems good, however it doesn't seem
> to solve the problem when privsep is disabled. Or am I wrong?

No, you're right.  It doesn't solve the issue when privsep=no.

Fixing that means changing the way sshd works with PAM without privsep.
 We can do something similar to patch #1143 for that path, but that
means moving the pam_setcred can pam_session_open calls to before the
fork.  This in turn means there will be no pty, and modules won't be
able to interact with the user via the tty like they do now.

I can't see a way to make both work simultaneously.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list