Date: Wed, 29 Jan 2003 14:48:57 -0800 From: Peter Wemm <peter@wemm.org> To: Jacques Vidrine <nectar@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_krb5 pam_krb5.c Message-ID: <20030129224857.271022A89E@canning.wemm.org> In-Reply-To: <200301292120.h0TLKcbW064283@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jacques Vidrine wrote: > nectar 2003/01/29 13:20:38 PST > > Modified files: > lib/libpam/modules/pam_krb5 pam_krb5.c > Log: > Do not return inappropriate error codes in pam_sm_setcred. Doesn't this just hide the problem? I know there has been lots of finger pointing about PrivSep and the data being stored in the wrong process, but even with PrivSep turned *off*, it is still broken. I added some tracing code that showed that the cleanup_cache() callback hook was being explicitly called *before* the sm_setcred function. ie: there is either a programming error or a design error somewhere and the setcred stuff cannot possibly ever work (regardless of whether sshd is hacked to use pthreads or not.. it doesn't even work in a single process context, therefore it shouldn't have anything to do with the split contexts). Again, this doesn't seem to happen on the PAM in RELENG_4, so I have to wonder if there is a handle management bug (or incompatability) in openpam or something along those lines. Maybe sshd is doing something funny that is upsetting openpam, I dont know. I've just stuck a giant #if 0 around the code. :-( Cheers, -Peter -- Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030129224857.271022A89E>