pam_sm_close_session doesn't run without privilege seperation

From: Chris Jensen (cjensen_at_gmail.com)
Date: 09/03/04

  • Next message: WEC IT Services (UK): "Re: SSH won't execute shell"
    Date: Fri, 3 Sep 2004 06:42:10 +0000
    To: secureshell@securityfocus.com
    
    

    Hi,
    I've got pam_mount set up mostly with openssh. Except for one catch,
    it'll mount fine, the pam_sm_open_session function gets called (as
    root) at session start and it mounts the directory I want.

    But when I exit the session, pam_sm_close_session gets called, but it
    only runs as the user that was logged in, so it doesn't have
    permission to unmount the directory.

    So to alleviate this, I set UsePrivilegeSeperation No in the
    sshd_config, and now pam_sm_close_session doesn't get called at all

    I've got debugging on in pam_mount, so with privilege seperation, I see
    sshd[14609]: pam_mount: received order to close things
    in the log (followed by about 20 or so more verbose debugs from pam_mount)
    But without privilege seperation, I get nothing.

    Is this a known problem? Surely this must be a bug with openssh?
    I'm running OpenSSH_3.9p1 and pam_mount 0.9.20


  • Next message: WEC IT Services (UK): "Re: SSH won't execute shell"