Date: Fri, 26 Oct 2001 16:09:30 +0200 From: "Jose M. Alcaide" <jose@we.lc.ehu.es> To: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu> Cc: stable@FreeBSD.ORG Subject: Re: login(1) now forks the shell instead of exec'ing it ? Message-ID: <20011026160930.D378@v-ger.we.lc.ehu.es> In-Reply-To: <17070000.1004104497@vpn68.ece.cmu.edu>; from allbery@ece.cmu.edu on Fri, Oct 26, 2001 at 09:54:58AM -0400 References: <20011026154851.B378@v-ger.we.lc.ehu.es> <17070000.1004104497@vpn68.ece.cmu.edu>
index | next in thread | previous in thread | raw e-mail
On Fri, Oct 26, 2001 at 09:54:58AM -0400, Brandon S. Allbery KF8NH wrote: > On Friday, October 26, 2001 15:48:51 +0200, "Jose M. Alcaide" > <jose@we.lc.ehu.es> wrote: > > Consider what happens if the PAM session hook acquires and releases network > credentials (AFS/Arla tokens in particular, but some sites like to clean up > Kerberos tickts on logout as well); if login simply does a PAM_END and > exec()s the shell then they don't stick around. (Linux PAM's login had > this bug a few years ago; it was really annoying.) > > The session close hook (invoked by the PAM_END macro) must be called after > the session exits, not before it even starts (from the user's standpoint), > so login has to stick around until the user's shell goes away. Thank you very much! I am not a PAM expert :-), so that your answer has been very enlightening for me. Anyway, I am a bit sad after losing the traditional login(1) behavior. :-) -- ****** Jose M. Alcaide // jose@we.lc.ehu.es // jmas@FreeBSD.org ****** ** "Beware of Programmers who carry screwdrivers" -- Leonard Brandwein ** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the messagehelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011026160930.D378>