Bug#163635: [Pkg-shadow-devel] Bug#163635: Advice about this bug report
Alexander Gattin
Alexander Gattin <arg@online.com.ua>, 163635@bugs.debian.org
Sat, 9 Apr 2005 22:18:07 +0300
Hi!
> In fact, having CLOSE_SESSION set to "no" results in
> pam_close_session not being called,
ALSO: this results in pam_end _not being called_ too!
The latter will cause "PAM data cleanup callbacks" (PDCC)
being _not run_ (for description of PDCC see pam_set_data
in /usr/share/doc/libpam-doc/txt/pam_modules.txt.gz).
The PDCC is used for example in pam_krb5 (instead of
pam_sm_close_session, as I thought before) to clean
credentials cache.
PDCCs are also used in libpam-ldap and libpam-ssh, for
example.
* PDCC in libpam-openafs-session
* and in libpam-mount
are just "dummy" routines.
In pam_unix PDCCs are used for free()-ing memory and
logging.
> only affect session termination not being logged(1),
> pam_lastlog(? - wrong description there), modules
> which should perform accounting, like pam_radius(2),
> modules which delete auth-cookie/auth-token file,
> like pam_xauth/pam_krb(3), pam_mount(4) and similar
> modules, which do unmount/unlink cleanup at end of
> session etc.
pam_devperm(5) restores device permissions upon end of
session.
Now having CLOSE_SESSION set to "no" seems to be a
total disaster, isn't it? ;)
> > With no more input, I will probably just change the setting in
> > post-sarge versions of shadow
Is it possible to propagate the change in sarge
too?
--
WBR
xrgtn