On 2018-11-02 Guido Günther <a...@sigxcpu.org> wrote: > On Thu, Oct 13, 2011 at 06:49:32PM +0200, Andreas Unterkircher wrote: >> Package: libpam-ccreds [...] >> When using pam_ccreds.so on Squeeze it logs the following message to >> /var/log/syslog on a user logon:
>> Oct 13 18:43:52 srv sshd[12920]: Libgcrypt warning: missing >> initialization - please fix the application >> >> A bug with a fix has been logged at launchpad too [1]. > I'm not seeing this atm. Andreas (Metzler) should we still do s.th. like > this: > > https://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html Hello Guido, well the the referenced documentation is for 1.8.x, so it should be up to date. Doing this properly in PAM might be tricky: "It is important that these initialization steps are not done by a library but by the actual application." It is possible that the issue does not appera in stretch and later because the pam-dlopening binary already has initialized libgcrypt before libpam-ccreds is invoked. - Afaict libsystemd0 does this. If you decide to initialize libgcrypt in libpam-ccreds it is probably wise to look how systemd solves this: ------------- void initialize_libgcrypt(bool secmem) { const char *p; if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) return; p = gcry_check_version("1.4.5"); assert(p); /* Turn off "secmem". Clients which wish to make use of this * feature should initialize the library manually */ if (!secmem) gcry_control(GCRYCTL_DISABLE_SECMEM); gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); ------------- cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'