Sergio Gelato <[EMAIL PROTECTED]> writes: > If you're using privilege separation in OpenSSH, the setpag() that's > done in the authentication phase may not affect the user session (unless > they've managed to make that process a descendant of the one in which > the authentication takes place, or possibly unless the "multithreaded > sshd" hack is used). It's safer to setpag() in the session establishment > phase.
In fact, if you're using OpenSSH 4.2 and aren't building with the (unsupported and strongly discouraged by upstream) threading hack, any setpag() done in the authentication phase *definitely won't* affect the user session. OpenSSH 4.2 spawns a child process to do the PAM calls. (It's a stupid architecture that breaks all kinds of other things, but I'm not guessing I'm going to get anywhere with that discussion.) See Debian bug #342157. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
