On Thursday, January 12, 2006 04:15:08 PM -0800 Russ Allbery
<[EMAIL PROTECTED]> wrote:
In fact, if you're using OpenSSH 4.2 and aren't building with the
(unsupported and strongly discouraged by upstream) threading hack, any
setpag() done in the authentication phase *definitely won't* affect the
user session. OpenSSH 4.2 spawns a child process to do the PAM calls.
(It's a stupid architecture that breaks all kinds of other things, but I'm
not guessing I'm going to get anywhere with that discussion.)
It does break all kinds of things, and it is annoying.
However, they do it that way not as part of some misguided attempt at
"security", but because of the constraints imposed by the way their SSH
protocol parser interacts with keyboard-interactive. Fixing it would
require significant work, not to mention actually getting the fix accepted.
-- Jeff
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
