Re: [Pam-ssh-users] pam_ssh stays as user if no session tty
From: Wolfgang R. <wol...@ro...> - 2013-06-11 07:36:40
Hi,

thanks for the bug report and patch.
Changes are committed to master:

commit d744c1cda9e5d87598167f71333fcc230734c3c9
Author: Jim Carter <ji...@ma...>
Date: Tue Jun 11 09:15:33 2013 +0200

    Add missing credential restores

They will end up in the next version (1.99) but there is no release date
for it.

Wolfgang

On 06.06.2013 07:52, Jim Carter wrote:
> If pam_ssh.so is called when the session has no TTY, in
> pam_sm_open_session when it is about to link $HOME/.ssh/agent-$HOST-$TTY,
> it instead returns without calling openpam_restore_cred. There is a
> similar escape route if it can read the agent file but can't stat it. In
> XDM serving an XDMCP query (which has no TTY), but not on the physical
> display and not with other display managers such as LightDM, the non-root
> user lacks permission to write on lastlog, to talk to the login manager to
> manage the session, etc. This prevents the user from getting an X-Windows
> session. The appended patch inserts the needed calls to
> openpam_restore_cred, and the user is able to get a session.
>
> This is with pam_ssh-1.97-23.1.1.i586 and x86_64, and
> xdm-1.1.10-14.6.1.i586 and x86_64, on OpenSuSE 12.3.
>
> Please see https://bugzilla.novell.com/show_bug.cgi?id=823484 for the
> syslog messages, a "how to reproduce" scenario, and more discussion.
>
>
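The bug class described in the quoted report, as an added example that is not part of the original thread and is not pam_ssh's code: a session hook that borrows the user's credentials and returns early on the no-TTY or stat-failure path without restoring them, next to a single-exit version that always restores. The credential state is simulated with a plain variable, and `borrow_cred`, `restore_cred`, the `open_session_*` functions, `leaks_cred` and the return value are hypothetical stand-ins, not the OpenPAM API.

```c
#include <stdio.h>

/* Simulated process credential. borrow_cred()/restore_cred() are hypothetical
 * stand-ins for openpam_borrow_cred()/openpam_restore_cred(). */
enum { ROOT_UID = 0, USER_UID = 1000, OK = 0 };
static int sim_euid = ROOT_UID;
static int saved_euid = -1;

static void borrow_cred(int uid) { saved_euid = sim_euid; sim_euid = uid; }
static void restore_cred(void) { if (saved_euid >= 0) { sim_euid = saved_euid; saved_euid = -1; } }

/* Before: the no-TTY and stat-failure paths return while still the user. */
int open_session_before(const char *tty, int stat_ok)
{
    borrow_cred(USER_UID);
    if (tty == NULL) return OK;   /* restore skipped */
    if (!stat_ok) return OK;      /* restore skipped */
    /* ... link the per-TTY agent file as the user ... */
    restore_cred();
    return OK;
}

/* After: every path leaves through one exit that restores credentials. */
int open_session_after(const char *tty, int stat_ok)
{
    borrow_cred(USER_UID);
    if (tty == NULL || !stat_ok) goto out;
    /* ... link the per-TTY agent file as the user ... */
out:
    restore_cred();
    return OK;
}

/* Harness check: 1 if the module handed control back with a changed euid. */
int leaks_cred(int (*module)(const char *, int), const char *tty, int stat_ok)
{
    sim_euid = ROOT_UID; saved_euid = -1;   /* start each run as root */
    module(tty, stat_ok);
    return sim_euid != ROOT_UID;
}

int main(void)
{
    printf("before, no tty: leak=%d\n", leaks_cred(open_session_before, NULL, 1));
    printf("after,  no tty: leak=%d\n", leaks_cred(open_session_after, NULL, 1));
    return 0;
}
```

A check like `leaks_cred` can be run over each exit path of a module in a test build, so a path that hands control back to the rest of the stack under the wrong identity fails the test instead of surfacing later as a permission error in another module.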