Patch: Solved: Re: [OpenAFS-devel] PAM / openssh 3.7.1p2
Dean Anderson
dean@av8.com
Mon, 6 Oct 2003 22:49:28 -0400 (EDT)
Ok, some joy was found by compiling the auth-pam.o with
-DUSE_POSIX_THREADS and linking with -lpthread. Looks like something in
the sshd "pthread emulation" is breaking pam_afs...
The pthread "emulation" is, well, interesting. It creates another process
and a couple sockets to communicate between them. It is unclear what
benefit this has. Pam_afs forks to enable automatic memory leak cleanup.
However, pthreads (if you use real pthreads), don't have this property.
It is unclear to me why the additional fork causes
ka_UserAutheticateGeneral not to properly set the PAG, nor why it would
get another pag. (could sshd have inherited this???)
I'm truly mystified as to why this works this way... I would really like
to hear from anyone who can explain this.
--Dean
On Mon, 6 Oct 2003, Dean Anderson wrote:
> Never mind. Somehow, it was getting the PAG of a previous login. This is
> probably a more serious bug (one shouldn't be able to get PAG's by UID
> association, right?), but not directly related to the openssh/pam_afs bug.
>
> So, anyone have any ideas on why the pam_afs module doesn't work with
> openssh?
>
> --Dean
>