On Mon, 26 Jan 2004, Jeffrey Hutzelman wrote:
Worse, it would not solve the problem. The trouble here is not that AFS tokens are stored in a kernel data structure instead of a file. It's that they are indexed by a value which must be set on login, inherited from each process by its children, and must not be changeable by the user (to prevent token stealing). OpenSSH loses not because you need special code to set tokens, and not even because you need special code to generate a new PAG -- those things can be done by a PAM module. OpenSSH loses because the PAM session module gets called outside the inheritance chain of the user's shell, which means it can't set a PAG or anything else that is inherited across a fork (e.g. groups, environment variables, resource limits, etc etc etc).
Right. And there is an easy solution: Turn off Privsep.
Sadly, this doesn't make any difference. OpenSSH 3.7.1 and later run PAM session modules in a subprocess unrelated to the eventual user shell, regardless of whether privsep is enabled. AFAIK, in earlier versions, it works fine even with privsep, because while such things may be run in a subprocess, they are run in a subprocess that ends up being an ancestor of the user shell.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA
_______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
