search for: sshpam_init_authctx

...vsep for the moment, if we're doing challenge-response then pam_authenticate is happening in the PAM "thread", so the pam_h we call pam_setcred with isn't the one that we called pam_authenticate with. The pam_h the main process is using at this stage seems to be the one created in sshpam_init_authctx (or mm_init_auth_ctx with privsep) and hasn't had pam_authenticate called on it, has it? I've checked FreeBSD's pam_krb5 source, for example, and I can see that it uses pam_set/get_data to stash the krb5ccache between calls to pam_authenticate and pam_setcred. I don't understand ho...