On Tue, Jan 20, 2009 at 01:28:25AM -0700, Shawn M Emery wrote:
> Darren J Moffat wrote:
> >Is this sufficient so that pam_krb5 can be set up to use ccapi? If so
> >that is wonderful because I believe that will mean that the
> >pam_setcred(pamh, PAM_DELETE_CRED) calls that sshd makes could
> >actually be useful to only delete that ssh session's krb5 creds.
>
> Yes, but that requires the application to inherit the environment
> variables of the caller. However, initial login applications need to be
> leery of inheriting arbitrary environment variables as the associated
> process could be running with privileges at times. So some refactoring
> is required to get this to work. Perhaps this warrants a separate case
> for reintroducing session management, at least for pam_krb5(5).

kgssapi (and, therefore, secure NFS) does not see user-land environment variables. Moreover, gssd doesn't know the PID of the process that triggered an upcall from kgssapi (though this would be fixed if you changed gssd to use doors), and even if it did, gssd wouldn't have access to its caller's environment variables since the only ways to get to another process' environment are: proc(4)/libproc and pargs(1), which are not really intended for this type of use (using proc(4) to get at a process' env is very heavy-weight and not reliable).

Nico
