Sergio Gelato writes:
> Patch successfully tested in an i386 jessie VM with kernel 3.16.7-ckt9-2
> and OpenAFS module 1.6.9-2+deb8u2 . I've tried both possible settings of
> the pam_setcred option in sudo. No apparent regression with sshd either.
Thanks! I'm working on a new release (unfortunat
* Russ Allbery [2015-04-16 14:08:56 -0700]:
> Sergio Gelato writes:
>
> > When only pam_open_session() and pam_close_session() are called, the
> > child session gets its own PAG, aklog tries to populate it with tokens,
> > and unlog can only destroy tokens in the child session's PAG; the parent
>
Sergio Gelato writes:
> When only pam_open_session() and pam_close_session() are called, the
> child session gets its own PAG, aklog tries to populate it with tokens,
> and unlog can only destroy tokens in the child session's PAG; the parent
> session's tokens are left alone.
> When pam_setcred(
* Russ Allbery [2015-04-14 09:20:20 -0700]:
> Who loses tokens? The calling user outside of the sudo session, processes
> run during the sudo session, unrelated root processes on the system, or
> something else?
The calling user outside of the sudo session.
> I'm inclined to call this a sudo bug
Sergio Gelato writes:
> Package: libpam-afs-session
> Version: 2.5-4
> When sudo's pam_setcred option is true (which it is by default in jessie
> but not in previous releases; e.g. neither wheezy nor Ubuntu trusty are
> affected by this problem out of the box), running sudo will result in
> the
Package: libpam-afs-session
Version: 2.5-4
When sudo's pam_setcred option is true (which it is by default in jessie
but not in previous releases; e.g. neither wheezy nor Ubuntu trusty are
affected by this problem out of the box), running sudo will result in the
loss of AFS tokens. These are destro
6 matches
Mail list logo
