[OpenAFS] home on afs woes
Thu, 12 Jan 2006 16:15:08 -0800
Sergio Gelato <Sergio.Gelato@astro.su.se> writes:
> If you're using privilege separation in OpenSSH, the setpag() that's
> done in the authentication phase may not affect the user session (unless
> they've managed to make that process a descendant of the one in which
> the authentication takes place, or possibly unless the "multithreaded
> sshd" hack is used). It's safer to setpag() in the session establishment

In fact, if you're using OpenSSH 4.2 and aren't building with the
(unsupported and strongly discouraged by upstream) threading hack, any
setpag() done in the authentication phase *definitely won't* affect the
user session. OpenSSH 4.2 spawns a child process to do the PAM calls.
(It's a stupid architecture that breaks all kinds of other things, but I'm
not guessing I'm going to get anywhere with that discussion.)
See Debian bug #342157.
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>
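
Added example (not part of the original message, and not OpenSSH or OpenAFS code): a small C model of the process layout discussed above, showing that per-process state set in a forked authentication child never reaches a session forked later from the parent, while state set during session establishment does. The umask stands in for the PAG, since setpag() needs an AFS client; the function names and marker values are made up for the illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define BASELINE 0022  /* constructed value: state of the parent "sshd" */
#define FAKE_PAG 0077  /* constructed value: stand-in for a freshly set PAG */

/* Read the current umask without changing it. */
static mode_t current_marker(void) { mode_t m = umask(0); umask(m); return m; }

/* Fork a "session" process and return the marker it observes.
 * If set_in_session is non-zero the session sets the marker itself,
 * i.e. the setpag() is done at session establishment. */
static int session_marker(int set_in_session) {
    int fd[2];
    mode_t seen = 0;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (set_in_session) umask(FAKE_PAG);
        seen = current_marker();
        _exit(write(fd[1], &seen, sizeof seen) == (ssize_t)sizeof seen ? 0 : 1);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], &seen, sizeof seen);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof seen ? (int)seen : -1;
}

/* Authentication runs in its own child (as with the PAM child described
 * above): the marker is set there and is lost when that child exits. */
int marker_after_auth_child(void) {
    umask(BASELINE);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { umask(FAKE_PAG); _exit(0); }
    waitpid(pid, NULL, 0);
    return session_marker(0);  /* session is a sibling, not a descendant */
}

/* The marker is set during session establishment instead. */
int marker_set_in_session(void) { umask(BASELINE); return session_marker(1); }

int main(void) {
    printf("set in auth child:  session sees %04o\n", (unsigned)marker_after_auth_child());
    printf("set in session:     session sees %04o\n", (unsigned)marker_set_in_session());
    return 0;
}
```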