Re: Why doesn't Debian use GNU su?
On Fri, Jan 21, 2000 at 10:59:31AM -0800, Ben Gertzfield wrote:
> >>>>> "Ben" == Ben Collins <bcollins@debian.org> writes:
>
> Ben> Where do you get that shadow's su does not use PAM session
> Ben> management? Stop spreading bogus information.
>
> It does use some PAM session management but not all of it. You've done
> a good job patching shadow's su, but it's not finished. :) I'm sorry
> if I sounded antagonistic, I didn't mean that at all.
It did come across that way :)
> I've gone through the source code to shadow's su, and while it *DOES*
> call pam_start() and pam_end(), it fails to call pam_open_session()
> and pam_close_session().
All that is needed is a bug filed. Adding that support is quite simple (I
can make it abide by the same config option that logins does, on whether
it forks or exec's also).
pam_close_session() only makes sense it certain cases. It is not always
needed, depending the the session module set being used. For example,
pam_krb5 needs pam_close_session() to be called, however, pam_unix.so does
not (not really anyway), and neither does pam_ldap.so.
Make a semi-detailed bug report, and I will follow up on it.
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bmc@visi.net '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
Reply to: