OpenSSH, PAM and kerberos
Lev Serebryakov
lev at FreeBSD.org
Tue Sep 3 13:46:25 UTC 2013
Hello, Dag-Erling.
You wrote 3 сентября 2013 г., 17:23:48:
>> Also, authenticate daemon (in case authenticate daemon call
>> pam_setcred) can't be know what need to transfer (chaneged UID? new
>> enviroment? deleted enviroment?)
DES> Actually, sshd already does most of this by farming PAM out to a child
DES> process.
And, IMHO, proper way to fix this bug is to fix it here, as "most of things"
is already done.
--
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>
More information about the freebsd-security
mailing list