bugzilla-daemon at bugzilla.mindrot.org
2008-Oct-27 11:41 UTC
[Bug 1534] New: openssh calls pam functions in the wrong order on logout
https://bugzilla.mindrot.org/show_bug.cgi?id=1534
Summary: openssh calls pam functions in the wrong order on
logout
Product: Portable OpenSSH
Version: 5.1p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: anicka at suse.cz
Created an attachment (id=1577)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1577)
openssh pam fix for calling functions in the right order on logout
Copied from original bugreport by Andreas Schwab in Novell bugzilla:
openssh calls the pam functions on logout in the wrong order.
pam_setcred with the DELETE_CRED flag is called before
pam_close_session is called.
This means that e.g. a kerberos aware module can't use the kerberos
credentials cache to close it's session, cause the tickets are already
gone.
pam_setcred with DELETE_CRED should be called after pam_close_session.
See attached patch.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Jun-15 10:43 UTC
[Bug 1534] openssh calls pam functions in the wrong order on logout
https://bugzilla.mindrot.org/show_bug.cgi?id=1534
Andreas Schneider <mail at cynapses.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |major
CC| |mail at cynapses.org
--- Comment #1 from Andreas Schneider <mail at cynapses.org> 2009-06-15
20:43:14 ---
I've created the patch last year. This is really a annoying bug if
you're relying on kerberos and it doesn't work.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Jul-12 12:12 UTC
[Bug 1534] openssh calls pam functions in the wrong order on logout
https://bugzilla.mindrot.org/show_bug.cgi?id=1534
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
CC| |dtucker at zip.com.au
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> 2009-07-12
22:12:00 ---
Patch applied, thanks.
I will point out that the order these functions are supposed to be
called is not specified in either the original PAM spec or XSSO, and
the man pages on different platforms give conflicting advice, so
there's a decent chance this will break something else.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Oct-06 04:03 UTC
[Bug 1534] openssh calls pam functions in the wrong order on logout
https://bugzilla.mindrot.org/show_bug.cgi?id=1534
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> 2009-10-06 15:03:20
EST ---
Mass move of RESOLVED bugs to CLOSED now that 5.3 is out.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Apparently Analagous Threads
- reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)
- [Bug 419] New: HP-UX PAM problems with 3.5p1
- PAM session cleanup on Sol8 with v2.9.9p2
- PAM function ordering
- reinit_creds (was Re: OpenSSHd barfs upon reauthentication: PAM, Solaris 8)