Senthil Kumar wrote:
> I'm using OpenSSH 4.3 compiled with PAM support. Im using a proprietary PAM
> module for my Authentication. When the root user logs out, it throws a
> message "pam_setcred : Pemission denied" in syslog. The PAM engineer told me
> that the module can't delete root users credentials. Instead he is asking me
> to skip the call pam_setcred() in sshpam_cleanup() in auth-pam.c for root
> user.


You can try the patch #1143 in [1], which attempts to fix this for
regular users when privsep=yes. I think it will also help for root when
privsep=yes, but I'm not 100% sure. It won't help if privsep=no.

> Is this is the right way?


Not really, but fixing this for the general case is not trivial (see the
discussion in [1]).

> Is there any impact with this?


Depends on what your PAM modules actually do... presumably the authors
of your modules would be able to say for certain.

[1] http://bugzilla.mindrot.org/show_bug.cgi?id=926

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev