* Brian Feldman <green@FreeBSD.org> [010508 15:30] wrote:
> green 2001/05/08 15:30:18 PDT
>
> Modified files:
> crypto/openssh auth-pam.c
> Log:
> Since PAM is broken, let pam_setcred() failure be non-fatal.
Basically the new PAM code has the idea of cached credentials. Besideds
being a really fun fun thing to get right, the API does some funky
things.
Basically, setcreds expects to be able to use cached credentials
from some previous call. My guess is that it expects to use them
from pam_authenticate(). I'm not sure if sshd calls pam_authenticate()
when doing RSA/DSA keys which is why the cached credentials are bogus.
I'm going to work on a quick fix and possibly email around to help
figure out if my fix is correct.
--
-Alfred Perlstein - [alfred@freebsd.org]
Daemon News Magazine in your snail-mail! http://magazine.daemonnews.org/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message