pam_sm_close_session doesn't run without privilege seperation
From: Chris Jensen (cjensen_at_gmail.com)
Date: 09/03/04
- Previous message: Fred Friedman: "Where do I get an RSA file?"
- Next in thread: Darren Tucker: "Re: pam_sm_close_session doesn't run without privilege seperation"
- Reply: Darren Tucker: "Re: pam_sm_close_session doesn't run without privilege seperation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 3 Sep 2004 06:42:10 +0000 To: secureshell@securityfocus.com
Hi,
I've got pam_mount set up mostly with openssh. Except for one catch,
it'll mount fine, the pam_sm_open_session function gets called (as
root) at session start and it mounts the directory I want.
But when I exit the session, pam_sm_close_session gets called, but it
only runs as the user that was logged in, so it doesn't have
permission to unmount the directory.
So to alleviate this, I set UsePrivilegeSeperation No in the
sshd_config, and now pam_sm_close_session doesn't get called at all
I've got debugging on in pam_mount, so with privilege seperation, I see
sshd[14609]: pam_mount: received order to close things
in the log (followed by about 20 or so more verbose debugs from pam_mount)
But without privilege seperation, I get nothing.
Is this a known problem? Surely this must be a bug with openssh?
I'm running OpenSSH_3.9p1 and pam_mount 0.9.20
- Previous message: Fred Friedman: "Where do I get an RSA file?"
- Next in thread: Darren Tucker: "Re: pam_sm_close_session doesn't run without privilege seperation"
- Reply: Darren Tucker: "Re: pam_sm_close_session doesn't run without privilege seperation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
