Jose A. Rodriguez
2003-Oct-29 12:16 UTC
Environment set on PAM module is not visible to user
We're using an internal PAM module (Linux) that sets a few environment
variables using pam_putenv (on pam_sm_authenticate). In version 3.6.1p1i
such variables are visible to the user (as expected), but since 3.7p1
they are not...
Is this the expected behaviour?
Thanks in advance,
Jose
____________________________________________________________________________
Jose A. Rodriguez OOO Universitat Politecnica de Catalunya (UPC)
josear at ac.upc.es OOO Departament d'Arquitectura de
Computadors
Tel. 16990 OOO -*- LCAC -*-
UPC
Jose A. Rodriguez
2003-Oct-29 15:22 UTC
Environment set on PAM module is not visible to user
> We're using an internal PAM module (Linux) that sets a few environment > variables using pam_putenv (on pam_sm_authenticate). In version 3.6.1p1i > such variables are visible to the user (as expected), but since 3.7p1 > they are not...I found the cause for this behaviour: since 3.7.1p2 the PAM authentication is done using a thread. If not compiled with POSIX thread support, then OpenSSH emulates threads using processes. This emulation is not perfect and as I reported, the environment updated by the PAM module is lost (there is no code to copy the environment from the child/emulated thread). Using POSIX threads everything works as expected. I consider this behaviour as a bug, but that's only an opinion. :-) Jose ____________________________________________________________________________ Jose A. Rodriguez OOO Universitat Politecnica de Catalunya (UPC) josear at ac.upc.es OOO Departament d'Arquitectura de Computadors Tel. 16990 OOO -*- LCAC -*- UPC