On Nov 16, 2007, at 6:27 PM, Simon Wilkinson wrote:
On 16 Nov 2007, at 23:12, Russ Allbery wrote:
pam_afs creates a PAG and a token in a subprocess of ssh that is
discarded
after authentication. If this works on Solaris, I don't know how.
SunSSH doesn't use the same mechanism for intertwining the PAM and
SSH event loops that OpenSSH uses. In particular, I believe that
SunSSH preserves the behaviour that the authentication stack is
executed by a process that is an ancestor of the child shell.
Thanks for the additional information. The code is all available
(well, mostly) http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/ssh/
and there are some differences that the Sun SSH team took the time to
point out, at least with the privsep. I hadn't realized that the
branch of SUNWssh* from OpenSSH was as substantial as it appears to be.
./mk
--
Matthew Kolb
[EMAIL PROTECTED]
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
