On Mon, Nov 18, 2024 at 01:11:41AM +0100, Chris Hofstaedtler wrote: > On Sun, Nov 17, 2024 at 07:02:53AM +0100, Chris Hofstaedtler wrote: > > * Colin Watson <cjwat...@debian.org> [241117 00:32]: > > > Control: forwarded -1 https://github.com/openssh/openssh-portable/pull/403 > > > While reading up on this I ran across > > > https://github.com/openssh/openssh-portable/pull/403, whose description > > > sounds like the same thing. > > > > Possible > > I've now read up on the PR, and I think it will not solve the > problem. Having the session recorded in wtmpdb is nice, but we > already have pam_wtmpdb for that. > > who(1) talks to logind for getting currently logged in sessions. > wtmpdb is irrelevant for this.
Fair enough. > > If PAM knows about the tty, pam_systemd.so and pam_wtmpdb.so should > > hopefully just record it. > > We need that part to work (again?). I suspect this may be related to PAM_TTY_KLUDGE, then (https://anongit.mindrot.org/openssh.git/tree/auth-pam.c#n760). Maybe as well as setting a kludged PAM_TTY for pam_auth, sshd needs to set a proper one for pam_session? > (I also think linking libwtmpdb.so into sshd is not a good idea.) It would be sshd-session, not sshd, so much less problematic than pre-auth linkage. -- Colin Watson (he/him) [cjwat...@debian.org]
