From owner-freebsd-hackers@freebsd.org  Wed Dec  2 11:23:19 2015
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C4763A3E4B6;
 Wed,  2 Dec 2015 11:23:19 +0000 (UTC) (envelope-from slw@zxy.spb.ru)
Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7E7B81070;
 Wed,  2 Dec 2015 11:23:19 +0000 (UTC) (envelope-from slw@zxy.spb.ru)
Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD))
 (envelope-from <slw@zxy.spb.ru>)
 id 1a45VD-0009RM-J5; Wed, 02 Dec 2015 14:23:15 +0300
Date: Wed, 2 Dec 2015 14:23:15 +0300
From: Slawa Olhovchenkov <slw@zxy.spb.ru>
To: freebsd-hackers@freebsd.org, hackers@freebsd.org
Subject: Re: NFSv4 details and documentations
Message-ID: <20151202112315.GK31314@zxy.spb.ru>
References: <1162872124.114408327.1449007978859.JavaMail.zimbra@uoguelph.ca>
 <alpine.GSO.1.10.1512020158390.26829@multics.mit.edu>
 <20151202100708.GJ31314@zxy.spb.ru>
 <20151202110243.GA17480@britannica.bec.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20151202110243.GA17480@britannica.bec.de>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: slw@zxy.spb.ru
X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 11:23:19 -0000

On Wed, Dec 02, 2015 at 12:02:43PM +0100, Joerg Sonnenberger wrote:

> On Wed, Dec 02, 2015 at 01:07:08PM +0300, Slawa Olhovchenkov wrote:
> > FreeBSD ssh'd use thread emulations by fork, as result Kerberos token
> > got at pam_krb5:auth can't be accessed at pam_krb5:session (for
> > writing in /tmp/krb5cc_UID. Recompile with
> > -DUNSUPPORTED_POSIX_THREADS_HACK resove this issuse (and I can login
> > with kerberos password to host with kerberoized NFSv4 and w/o
> > additional kinit or password sshd to another host.
> 
> Please try UsePrivilegeSeparation=no instead. The pthread hack should
> just die complete.

Don't work and can't be work.
pthread/thread fork emulation to be foreign to the priveledge seperation.