[OpenAFS-devel] Re: OpenAFS and glibc-2.2

Thomas Mueller thomas.mueller@hrz.tu-chemnitz.de
Mon, 26 Mar 2001 10:41:28 +0200 (MEST)


On 25 Mar 2001, Russ Allbery wrote:

> Thomas, at least per the man page on Solaris, I think this is the default
> behavior of initgroups.  initgroups says that it reads the groups database
> and initializes the supplemental group list to match the user's membership
> in various groups; implicit in "initializes" would be a discarding of all
> existing memberships.
>
> Sounds to me like a glibc 2.1 bug fixed in 2.2.

Maybe, but if so, it was a very useful bug :-)

I've tried the little program under Solaris 2.6 and Solaris 2.7,
the PAG was kept.
So I don't think it's a bug, I rather think it's an undocumented feature ...

If glibc-2.2 will continue to throw the PAG away, we will have to deal
with some broken apps, such as sshd, su and maybe others.
These apps are calling

pam_authenticate(...);
...
pam_setcred(...);
...
initgroups(...);

Some others (such as login, kdm) are calling

pam_authenticate(...);
...
initgroups(...);
...
pam_setcred(...);

Here we finally got a PAG. (Indeed we got two PAGs, one during
pam_authenticate(...) and a second one during pam_setcred(...).)

On 24 Mar 2001, Ulrich Drepper wrote:


> What NSS services are used?

/etc/nsswitch.conf says:

group: files

> Is nscd used?

no.

Thomas.

-- 
----------------------------------------------------------
Thomas Müller, TU Chemnitz, URZ, D-09107 Chemnitz, Germany
----------------------------------------------------------
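
A check for the behaviour discussed in this message, as an added example (not the program from the original post, and not OpenAFS code): it snapshots the supplementary group list, calls initgroups(), and reports every GID that was present before and is gone afterwards. It assumes, as the thread implies, that the PAG is carried in the supplementary group list; the helper names `lost_groups` and `snapshot` are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Copy into out[] every gid found in before[] but not in after[];
 * return how many were lost. out[] must have room for nb entries. */
size_t lost_groups(const gid_t *before, size_t nb,
                   const gid_t *after, size_t na, gid_t *out)
{
    size_t lost = 0;
    for (size_t i = 0; i < nb; i++) {
        size_t j = 0;
        while (j < na && after[j] != before[i])
            j++;
        if (j == na)               /* not found after initgroups() */
            out[lost++] = before[i];
    }
    return lost;
}

/* Allocate and fill the current supplementary group list; -1 on error. */
static int snapshot(gid_t **list)
{
    int n = getgroups(0, NULL);    /* size 0: only ask for the count */
    if (n < 0 || !(*list = malloc((n + 1) * sizeof(gid_t))))
        return -1;
    return getgroups(n, *list);
}

int main(void)
{
    gid_t *before, *after, *lost;
    struct passwd *pw = getpwuid(getuid());
    int nb = snapshot(&before);
    if (!pw || nb < 0) { perror("setup"); return 1; }
    /* initgroups() calls setgroups(), so this needs root privilege. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) { perror("initgroups"); return 1; }
    int na = snapshot(&after);
    if (na < 0 || !(lost = malloc((nb + 1) * sizeof(gid_t)))) return 1;
    size_t n = lost_groups(before, nb, after, na, lost);
    for (size_t i = 0; i < n; i++)
        printf("gid %lu was dropped by initgroups()\n", (unsigned long)lost[i]);
    return n ? 2 : 0;              /* 2: groups were discarded */
}
```

Run it as root from a process whose group list already holds a group that is not in the group database; exit status 2 means initgroups() discarded it.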