[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PAM support lacks pam_setcred() call

From: Marc Singer
Subject: PAM support lacks pam_setcred() call
Date: Mon, 20 Oct 2003 11:16:18 -0700
User-agent: Mutt/1.5.4i

CVSs PAM support does not make the pam_setcred() call.  The
pam_group.so module uses this call to add UNIX groups to the user's
process privileges.  In addition, the pam_setcred() call requires
PAM_TTY to be set.

I've explored the problem enough to have discovered the root cause of
pam_group.so failing.  However, it is not sufficient to add these
calls.  The switch_to_user() call in CVS obliterates the group
privileges added by pam_group.so.  So, it seems that there is a more
fundamental problem with the way that PAM is used in CVS.

In mail exchanges with Steve McIntyre, it is clear that there are some
pending changes to the way that CVS uses PAM, e.g. adding PamAuth
option to CVSROOT/config.  This pam_setcred() problem, too, may
indicate that further changes are necessary.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]