[21169] in bugtraq
Re: pam session
daemon@ATHENA.MIT.EDU (Greg Woods)
Sun Jun 24 12:17:30 2001
Message-Id: <200106231513.JAA00857@ncar.ucar.EDU>
To: ckraemer@ginko.de (Christian Kraemer)
Date: Sat, 23 Jun 2001 09:13:49 -0600 (MDT)
Cc: bugtraq@securityfocus.com
In-Reply-To: <01061903113100.00225@christian.localdomain> from "Christian Kraemer" at Jun 19, 1 03:11:02 am
From: woods@ucar.edu (Greg Woods)

> Does anybody know why openssh (openssh-2.9p1) on a linux system does not call
> pam_open_session if no pty is used? In this way the session modules (in
> /etc/pam.d) are not activated.

There are other problems with the interaction between openssh and PAM as
well. For instance, if you have users that have a null password, which we
use when the user's shell is responsible for doing one-time password
token authentication, you get a core dump. We've had to install passwords
for these users (by calling a different PAM module that authenticates
with our timecard database) to get around this.

sshd is also the only application that has this problem. telnet
and rlogin do not.

--Greg