search for: do_pam_cleanup_proc

As has often been mentioned, Solaris (at least 7 and 8) gives a debug1 message on logout: Cannot delete credentials. This occurs when in auth-pam.c, function do_pam_cleanup_proc(), pam_setcred(__pamh, PAM_DELETE_CRED) is called under UID 0. I suggested a patch for this on Nov 22, 2001, based on openssh 2.9.9p2 through 3.0.1p1. [The attempt in my patch to reset to UID 0 by "if (!flag) setuid(0);" does not actually work but seems not to be required.] Now in 3.4p1 w...

In do_pam_cleanup_proc(), there are 3 calls to PAM: 1) pam_close_session() - do lastlog stuff 2) pam_setcred(PAM_DELETE_CRED) - delete credentials 3) pam_end() - close PAM It appears that pam_setcred() always fails with the error PAM_PERM_DENIED. This is due to a check done pam_unix.so to not allow a caller with euid...

Hello all, On Redhat 6.2, the PAM_unix module logs the session opening, but not the session closing. This was logged as of 2.3.0p1. Upgrading to 2.5.1p1 makrs the start of the problem. Thanks in advance, Victor -- Victor J. Orlikowski ====================== v.j.orlikowski at gte.net orlikowski at apache.org vjo at us.ibm.com

Hello, I pulled the latest from cvs today and ran several tests and added more options to the CFLAGS in the Makefile. To start with, I ran valgrind against sshd & it comes up with this: ==24959== 112 bytes in 1 blocks are definitely lost in loss record 297 of 310 ==24959== at 0x40164650: malloc (vg_clientfuncs.c:100) ==24959== by 0x807A0D1: compat_init_setproctitle (setproctitle.c:236)

The 2 errors: pam_setcred: error Permission denied Cannot delete credentials[7]: Permission denied Looks to be a major bug in the PAM module for Solaris-2.8/2.7/2.6. Has anyone from the list (developers of OpenSSH, endusers, hackers, etc.) came up w/ a solution? Even a temporary one? When authenticating yourself on the same system that worked, but when authenticating to another system failed. I

...3.5p1. Why? I merged it into 3.5p1 (which exhibits the same problem) manually, and it still does fine, tested on 11.00 and 11.11. (If you decide to merge it into official source trees please remember to give credits to Dan rather than me for this portion :) 2) Failed deletion of credentials in do_pam_cleanup_proc() This issue seems to be old (observed with 3.1p1, 3.4p1, and 3.5p1 in both trusted and non-trusted mode, both with or without privilege separation). I'm not sure how critical this is, as 3.1p1 seems to run happily for many months without a visible impact, but error messages still look quite...