Bug#412061: [Pkg-shadow-devel] Bug#412061: login: su ends PAM
sesstion in subshell
Philipp Matthias Hahn
pmhahn at debian.org
Mon Feb 26 16:45:18 CET 2007
Hello!
On Sun, Feb 25, 2007 at 12:28:13AM +0100, Nicolas François wrote:
> On Fri, Feb 23, 2007 at 09:05:57AM -0800, rra at debian.org wrote:
> > I'm not sure if this is the correct behavior or not. I inherited it, and
> > I don't know if there's any documentation about what one is *supposed* to
> > to. It causes strange problems on Solaris 8 and 9 as well (I haven't been
> > able to test Solaris 10).
>
> pam-krb5's behavior is probably correct. (maybe it could implement
> PAM_DATA_SILENT support for pam_end; but it would not help in this case,
> as su do not use it;)
PAM_DATA_SILENT is only a proposed extension, therefor I would not
recommend using it.
It seems strange, that "su" should be the only/first program
encountering this problem.
> Philipp, does su seems to behave correctly when you remove the pam_end
> call in the child?
Yes, it works as expected. This is also what I think is right, but
before proposing this change, I liked some discussion with others.
> My current opinion is that we should remove this pam_end, which would make
> the su behavior consistent with login. (BTW, does login behaves correctly
> regarding pam-krb5?)
Yes, login works right.
Perhaps taking a look at all those libpam-\* modules might shed some
more light on the situation, what modules do. Especially what they do in
cleanup() on pam_end().
BYtE
Philipp
--
Philipp Matthias Hahn <pmhahn at debian.org>
GPG/PGP: 9A540E39 @ keyrings.debian.org
More information about the Pkg-shadow-devel
mailing list