Re: pam session

From: Greg Woods (woodsat_private)
Date: Sat Jun 23 2001 - 08:13:49 PDT

Next message: Jun-ichiro itojun Hagino: "issues with RFC2553 IPv6 API"

Previous message: David Howe: "Re: crypto flaw in secure mail standards"
In reply to: Christian Kraemer: "pam session"
Next in thread: Jim Breton: "Re: pam session"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Does anybody know why openssh (openssh-2.9p1) on a linux system does not call
> pam_open_session if no pty is used? In this way the session modules (in
> /etc/pam.d) are not activated.

There are other problems with the interaction between openssh and PAM as
well. For instance, if you have users that have a null password, which we
use when the user's shell is responsible for doing one-time password
token authentication, you get a core dump. We've had to install passwords
for these users (by calling a different PAM module that authenticates
with our timecard database) to get around this.

sshd is also the only application that has this problem. telnet
and rlogin do not.

--Greg

Next message: Jun-ichiro itojun Hagino: "issues with RFC2553 IPv6 API"
Previous message: David Howe: "Re: crypto flaw in secure mail standards"
In reply to: Christian Kraemer: "pam session"
Next in thread: Jim Breton: "Re: pam session"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jun 24 2001 - 09:18:13 PDT