Bug#163635: [Pkg-shadow-devel] Bug#163635: Advice about this bug report
Tomasz Kłoczko
Tomasz KĹ‚oczko <kloczek@zie.pg.gda.pl>, 163635@bugs.debian.org
Fri, 15 Apr 2005 15:12:11 +0200 (CEST)
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
--568760595-509232200-1113570731=:5286
Content-Type: TEXT/PLAIN; charset=ISO-8859-2
Content-Transfer-Encoding: QUOTED-PRINTABLE
On Thu, 14 Apr 2005, Christian Perrier wrote:
> > Fix me if I'm wrong.
> > Correct solution will be remove CLOSE_SESSION conditions and use this c=
ode
> > uncondionaly if shadow was configured with PAM enabled (?)
>=20
>=20
> Hmm, well, I'm not sure anyone suggested such a drastic change. This
> could be likely to inadvertently change some behaviour here or there.
>=20
> Keeping the code which uses CLOSE_SESSION seems sane to me.
Looking on PAM API specyfication when you are star PAM session you must
also close them. CLOSE_SESSIONS dependent code was introduced very close=20
to to time when shadow PAM support was started in shadow (in 2000 .. this=
=20
relative old part of code) and I can understatnd even Marek was not shure=
=20
how it must be implemented.
When you are using pam_open_session() you must add aslo use=20
pam_close_session().
I don't see sense use for example login compiled with PAM enabled with=20
CLOSE_SESSIONS disabled. Or as you wish .. from pont of view PAM this is=20
plain nonsens.
kloczek
--=20
-----------------------------------------------------------
*Ludzie nie maj=B1 problem=F3w, tylko sobie sami je stwarzaj=B1*
-----------------------------------------------------------
Tomasz K=B3oczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek@rudy.mif.pg.gda.p=
l*
--568760595-509232200-1113570731=:5286--