From owner-cvs-all Wed Jan 29 14:48:59 2003 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9407E37B401; Wed, 29 Jan 2003 14:48:57 -0800 (PST) Received: from canning.wemm.org (canning.wemm.org [192.203.228.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C07743F75; Wed, 29 Jan 2003 14:48:57 -0800 (PST) (envelope-from peter@wemm.org) Received: from wemm.org (localhost [127.0.0.1]) by canning.wemm.org (Postfix) with ESMTP id 271022A89E; Wed, 29 Jan 2003 14:48:57 -0800 (PST) (envelope-from peter@wemm.org) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Jacques Vidrine Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_krb5 pam_krb5.c In-Reply-To: <200301292120.h0TLKcbW064283@repoman.freebsd.org> Date: Wed, 29 Jan 2003 14:48:57 -0800 From: Peter Wemm Message-Id: <20030129224857.271022A89E@canning.wemm.org> Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jacques Vidrine wrote: > nectar 2003/01/29 13:20:38 PST > > Modified files: > lib/libpam/modules/pam_krb5 pam_krb5.c > Log: > Do not return inappropriate error codes in pam_sm_setcred. Doesn't this just hide the problem? I know there has been lots of finger pointing about PrivSep and the data being stored in the wrong process, but even with PrivSep turned *off*, it is still broken. I added some tracing code that showed that the cleanup_cache() callback hook was being explicitly called *before* the sm_setcred function. ie: there is either a programming error or a design error somewhere and the setcred stuff cannot possibly ever work (regardless of whether sshd is hacked to use pthreads or not.. it doesn't even work in a single process context, therefore it shouldn't have anything to do with the split contexts). Again, this doesn't seem to happen on the PAM in RELENG_4, so I have to wonder if there is a handle management bug (or incompatability) in openpam or something along those lines. Maybe sshd is doing something funny that is upsetting openpam, I dont know. I've just stuck a giant #if 0 around the code. :-( Cheers, -Peter -- Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message