[OpenAFS-devel] Re: OpenAFS and glibc-2.2
Thomas Mueller
thomas.mueller@hrz.tu-chemnitz.de
Mon, 26 Mar 2001 10:41:28 +0200 (MEST)
On 25 Mar 2001, Russ Allbery wrote:
> Thomas, at least per the man page on Solaris, I think this is the default
> behavior of initgroups. initgroups says that it reads the groups database
> and initializes the supplemental group list to match the user's membership
> in various groups; implicit in "initializes" would be a discarding of all
> existing memberships.
>
> Sounds to me like a glibc 2.1 bug fixed in 2.2.
Maybe, but if so, it was a very useful bug :-)
I've tried the little program under Solaris 2.6 and Solaris 2.7,
the PAG was kept.
So I don't think its a bug, I rather think its an undocumented feature ...
If glibc-2.2 will continue to throw the PAG away, we will have to deal
with some broken apps, such as sshd, su and maybe others.
These apps are calling
pam_authenticate(...);
...
pam_setcred(...);
...
initgroups(...);
Some others (such as login, kdm) are calling
pam_authenticate(...);
...
initgroups(...);
...
pam_setcred(...);
Here we finally got a PAG. (Indeed we got two PAGs, one during
pam_authenticate(...) and a second one during pam_setcred(...).)
On 24 Mar 2001, Ulrich Drepper wrote:
> What NSS services are used?
/etc/nsswitch.conf says:
group: files
> Is nscd used?
no.
Thomas.
--
----------------------------------------------------------
Thomas Mller, TU Chemnitz, URZ, D-09107 Chemnitz, Germany
----------------------------------------------------------