--On Wednesday, September 27, 2006 2:25 PM -0700 Russ Allbery
<[EMAIL PROTECTED]> wrote:
Mike Dopheide <[EMAIL PROTECTED]> writes:
OpenSSH 3.9p1 or 4.2p1
Building a new version of OpenSSH for 5.8 results in an sshd that ends
up sharing AFS tokens between users.
Sounds like OpenSSH isn't creating a PAG properly. Generally this is done
via PAM modules. It's possible something changed about how OpenSSH called
PAM between those versions.
Almost certainly - PAM fixes abound in recent openssh versions. Things to
try:
- Turn off PrivSep (most likely to fix your problem)
- Test the newly released 4.4p1
The main issue is that PAM must run as root, but most of the opensshd work
is done in a non-privileged child co-process when PrivSep is enabled for
security reasons. So some PAM modules just don't work with PrivSep enabled,
although there have been many improvements recently to make more
"differently behaved" PAM modules work properly.
--
Carson
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
