Senthil Kumar wrote:
> I'm using OpenSSH 4.3 compiled with PAM support. Im using a proprietary PAM
> module for my Authentication. When the root user logs out, it throws a
> message "pam_setcred : Pemission denied" in syslog. The PAM engineer told me
> that the module can't delete root users credentials. Instead he is asking me
> to skip the call pam_setcred() in sshpam_cleanup() in auth-pam.c for root
> user.

You can try the patch #1143 in [1], which attempts to fix this for
regular users when privsep=yes. I think it will also help for root when
privsep=yes, but I'm not 100% sure. It won't help if privsep=no.

> Is this is the right way?

Not really, but fixing this for the general case is not trivial (see the
discussion in [1]).

> Is there any impact with this?

Depends on what your PAM modules actually do... presumably the authors
of your modules would be able to say for certain.


Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

openssh-unix-dev mailing list