bugzilla-daemon at bugzilla.mindrot.org
2008-Oct-27 11:41 UTC
[Bug 1534] New: openssh calls pam functions in the wrong order on logout
https://bugzilla.mindrot.org/show_bug.cgi?id=1534 Summary: openssh calls pam functions in the wrong order on logout Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: unassigned-bugs at mindrot.org ReportedBy: anicka at suse.cz Created an attachment (id=1577) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1577) openssh pam fix for calling functions in the right order on logout Copied from original bugreport by Andreas Schwab in Novell bugzilla: openssh calls the pam functions on logout in the wrong order. pam_setcred with the DELETE_CRED flag is called before pam_close_session is called. This means that e.g. a kerberos aware module can't use the kerberos credentials cache to close it's session, cause the tickets are already gone. pam_setcred with DELETE_CRED should be called after pam_close_session. See attached patch. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Jun-15 10:43 UTC
[Bug 1534] openssh calls pam functions in the wrong order on logout
https://bugzilla.mindrot.org/show_bug.cgi?id=1534 Andreas Schneider <mail at cynapses.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |major CC| |mail at cynapses.org --- Comment #1 from Andreas Schneider <mail at cynapses.org> 2009-06-15 20:43:14 --- I've created the patch last year. This is really a annoying bug if you're relying on kerberos and it doesn't work. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Jul-12 12:12 UTC
[Bug 1534] openssh calls pam functions in the wrong order on logout
https://bugzilla.mindrot.org/show_bug.cgi?id=1534 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED CC| |dtucker at zip.com.au --- Comment #2 from Darren Tucker <dtucker at zip.com.au> 2009-07-12 22:12:00 --- Patch applied, thanks. I will point out that the order these functions are supposed to be called is not specified in either the original PAM spec or XSSO, and the man pages on different platforms give conflicting advice, so there's a decent chance this will break something else. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Oct-06 04:03 UTC
[Bug 1534] openssh calls pam functions in the wrong order on logout
https://bugzilla.mindrot.org/show_bug.cgi?id=1534 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #3 from Damien Miller <djm at mindrot.org> 2009-10-06 15:03:20 EST --- Mass move of RESOLVED bugs to CLOSED now that 5.3 is out. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.