|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
On 09.01.2009 1:45, Steve Langasek wrote:
Be it bug or not, anyway, any questions about OpenSSH are appropriate in their mailing list. As a member of that list, however, I'd meantion, that that exact issue was raised there previously, but OpenSSH developers for the reason, I don't remember currently, refused to deal with it. Please refer to that mailing list archive for details. My personal opinion about the issue in question is that your setup is unreasonably complex.That is a feature of OpenSSH. It is OpenSSH that is responsible for setting UID/GID and supplementary GIDs before starting user session. pam_set_item(pamh, PAM_USER, "system") sets only user name PAM is authenticating as, but OpenSSH doesn't check whether PAM_USER was changed during pam_authenticate() or not. Questions about OpenSSH are more appropriate in their mailing list.This is true that OpenSSH is responsible for setting the ids; I would, however, note that I think it's a (low-priority) bug in the PAM implementation of OpenSSH that it doesn't honor username mappings from the PAM stack.
-- Sincerely Your, Dan. _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list