Doh!
This patch should be retracted. It didn't quite solve the problem. I found
that by disabling PRIVSEP the problem was fixed. PRIVSEP somehow breaks
setting the PAG. With PRIVSEP turned off, everything works...
But there are some other complaints about openssh that I haven't provided
patches for:
Password authentication should try pam with the supplied password. Apps
that don't support keyboard-interactive/pam and just do passwords should
still use PAM modules. Openssh is basically useless on PAM systems, since
many/most ssh clients do not support keyboard-interactive/pam. It looks
like this was intentionally removed... Is there any chance it might be put
back?
--Dean
On Fri, 17 Oct 2003, [iso-8859-2] Martin MOKREJ� wrote:
> On Mon, 6 Oct 2003, Dean Anderson wrote:
>
> HI,
> just wanted to be sure at least some things get fixed in the portable
> release, but this is what I got back about your patch. What do you think?
> Will you discuss at openssh-unix-dev and submit the patch to openssh
> developers and Cc: us? ;)
> Thanks!
>
>
> --- forwarded message
> From: Darren Tucker <[EMAIL PROTECTED]>
> To: Martin MOKREJ� <[EMAIL PROTECTED]>
> Date: Fri, 17 Oct 2003 21:09:18 +1000
> Subject: Re: Patch: Solved: Re: [OpenAFS-devel] PAM / openssh 3.7.1p2 (fwd)
>
> [ The following text is in the "iso-8859-1" character set. ]
> [ Your display is set for the "iso-8859-2" character set. ]
> [ Some characters may be displayed incorrectly. ]
>
> Martin MOKREJS wrote:
> > how about applying this patch?
>
> Ten bucks says it'll break PAM on some other platform (my guess is HP-UX,
> but maybe we should run a sweepstakes on it or something). Please post it
> to openssh-unix-dev and see what people say.
> -- end of forwarded message
>
>
>
> > The following patch fixes openssh-3.7.1p2 to work with the pam_afs.so
> > module:
> >
> > If anyone wants the rpm spec file for redhat 7.3, let me know.
> >
> > --Dean
> >
> > [EMAIL PROTECTED] SOURCES]# more openssh-3.7.1p2-av8.patch
> > diff -r -u openssh-3.7.1p2.orig/session.c openssh-3.7.1p2/session.c
> > --- openssh-3.7.1p2.orig/session.c Tue Sep 23 04:59:08 2003
> > +++ openssh-3.7.1p2/session.c Mon Oct 6 01:25:05 2003
> > @@ -1275,8 +1275,8 @@
> > * Reestablish them here.
> > */
> > if (options.use_pam) {
> > - do_pam_session();
> > do_pam_setcred(0);
> > + do_pam_session();
> > }
> > # endif /* USE_PAM */
> > # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) ||
> > defined(WITH_IRIX_ARRAY)
> >
> >
> > _______________________________________________
> > OpenAFS-devel mailing list
> > [EMAIL PROTECTED]
> > https://lists.openafs.org/mailman/listinfo/openafs-devel
> >
>
> --
> Martin Mokrejs <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
> MIPS / Institute for Bioinformatics <http://mips.gsf.de>
> GSF - National Research Center for Environment and Health
> Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
> tel.: +49-89-3187 3683 , fax:�+49-89-3187 3585
>
_______________________________________________
OpenAFS-devel mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-devel
