From owner-cvs-all Tue May 8 17:14:24 2001 Delivered-To: cvs-all@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 63E3E37B422; Tue, 8 May 2001 17:14:19 -0700 (PDT) (envelope-from bright@fw.wintelcom.net) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id f490EJI11025; Tue, 8 May 2001 17:14:19 -0700 (PDT) Date: Tue, 8 May 2001 17:14:19 -0700 From: Alfred Perlstein To: Brian Feldman Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/crypto/openssh auth-pam.c Message-ID: <20010508171418.P18676@fw.wintelcom.net> References: <200105082230.f48MUJH20777@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200105082230.f48MUJH20777@freefall.freebsd.org>; from green@FreeBSD.org on Tue, May 08, 2001 at 03:30:18PM -0700 X-all-your-base: are belong to us. Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG * Brian Feldman [010508 15:30] wrote: > green 2001/05/08 15:30:18 PDT > > Modified files: > crypto/openssh auth-pam.c > Log: > Since PAM is broken, let pam_setcred() failure be non-fatal. Basically the new PAM code has the idea of cached credentials. Besideds being a really fun fun thing to get right, the API does some funky things. Basically, setcreds expects to be able to use cached credentials from some previous call. My guess is that it expects to use them from pam_authenticate(). I'm not sure if sshd calls pam_authenticate() when doing RSA/DSA keys which is why the cached credentials are bogus. I'm going to work on a quick fix and possibly email around to help figure out if my fix is correct. -- -Alfred Perlstein - [alfred@freebsd.org] Daemon News Magazine in your snail-mail! http://magazine.daemonnews.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message