
Bug#278394: PAM not run in single address space



On Tue, Oct 26, 2004 at 01:43:51PM -0400, Sam Hartman wrote:
> Hi.  During the ssh 3.7 and 3.8 porting effort I pointed out on
> debian-ssh that you needed to be aware of issues surrounding PAM
> support in openssh starting with 3.7.
> 
> The problem is that the fine folks at openssh had some trouble with
> their event loop and decided to spin the pam authentication stuff off
> into its own process.  This is bad because it breaks pam in several
> ways.  The primary way is the same authentication handle is not used
> for both the pam_authenticate vs pam_open_session/pam_setcred.
> 
> This is bad because it prevents pam modules from setting up
> credentials and writing them out/enabling them during the set_cred
> phase.
> 
> It breaks several pam modules, most notably from my standpoint
> pam_krb5.  It's also a violation of how PAM is intended to be used.
> For this reason it is a violation of the Debian PAM mini-policy found
> in /usr/share/doc/libpam0g on all Debian systems.
> 
> 
> The OpenSSH folks did provide a fix: the -DUSE_POSIX_THREADS compiler
> option.  Unfortunately this is disabled in the ssh package.
> 
> Here's a patch to fix this.  I consider this problem fairly serious
> and hope we can come to quick agreement on a solution for sarge.

I'm willing to consider this for sarge, but will have to test it fairly
extensively. Can you outline any possible breakage that I should look
out for? It seems improbable that nothing at all would go wrong with
such a fundamental change.

I'm a little worried about a recurrence of #252676, for instance.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]
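
An added illustration, not part of either message and not OpenSSH or libpam code: the quoted point that state set during pam_authenticate is unavailable to pam_setcred when the two run in different processes. `fake_handle` and the `fake_*` functions are hypothetical stand-ins for a PAM handle and a module's phases, and passing back only a pass/fail exit status from the child is an assumption made for the sketch.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for pam_handle_t (not libpam): per-handle module state. */
struct fake_handle { char module_data[64]; };

/* Authenticate step: the module stashes state for later phases. */
static int fake_authenticate(struct fake_handle *h)
{
    snprintf(h->module_data, sizeof h->module_data, "constructed-cred-state");
    return 0;                                    /* 0 = success */
}

/* setcred step: can only write credentials if the auth state is visible. */
static int fake_setcred(const struct fake_handle *h)
{
    return h->module_data[0] != '\0';
}

/* Auth in a forked child, setcred in the parent: only the exit status crosses over. */
int forked_auth(int *auth_ok)
{
    struct fake_handle h = {{0}};
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(fake_authenticate(&h));  /* changes the child's copy only */
    if (waitpid(pid, &status, 0) < 0) return -1;
    *auth_ok = WIFEXITED(status) && WEXITSTATUS(status) == 0;
    return fake_setcred(&h);                     /* parent's handle is still empty */
}

/* Both phases in one address space, on the same handle. */
int inprocess_auth(int *auth_ok)
{
    struct fake_handle h = {{0}};
    *auth_ok = fake_authenticate(&h) == 0;
    return fake_setcred(&h);
}

int main(void)
{
    int ok = 0, cred = forked_auth(&ok);
    printf("forked:     auth_ok=%d setcred_ok=%d\n", ok, cred);
    cred = inprocess_auth(&ok);
    printf("in-process: auth_ok=%d setcred_ok=%d\n", ok, cred);
    return 0;
}
```

In the forked case authentication reports success while the setcred step finds no state, which is the kind of failure to look for when testing a module that carries data from one phase to the next.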



