Hi!

> In fact, having CLOSE_SESSION set to "no" results in
> pam_close_session not being called,

ALSO: this results in pam_end _not being called_ too! The latter will cause "PAM data cleanup callbacks" (PDCC) being _not run_ (for description of PDCC see pam_set_data in /usr/share/doc/libpam-doc/txt/pam_modules.txt.gz). The PDCC is used for example in pam_krb5 (instead of pam_sm_close_session, as I thought before) to clean credentials cache. PDCCs are also used in libpam-ldap and libpam-ssh, for example.

* PDCC in libpam-openafs-session
* and in libpam-mount

are just "dummy" routines. In pam_unix PDCCs are used for free()-ing memory and logging.

> only affect session termination not being logged(1),
> pam_lastlog(? - wrong description there), modules
> which should perform accounting, like pam_radius(2),
> modules which delete auth-cookie/auth-token file,
> like pam_xauth/pam_krb(3), pam_mount(4) and similar
> modules, which do unmount/unlink cleanup at end of
> session etc.

pam_devperm(5) restores device permissions upon end of session.

Now having CLOSE_SESSION set to "no" seems to be a total disaster, isn't it? ;)

> > With no more input, I will probably just change the setting in
> > post-sarge versions of shadow

Is it possible to propagate the change in sarge too?

--
WBR
xrgtn
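Added example, not part of the original message and not libpam code: a self-contained C model of the cleanup-callback contract the message describes, where data registered in the style of `pam_set_data` is only disposed of when the teardown corresponding to `pam_end` runs. All `model_*` names, `ccache_cleanup`, `ccache_left_behind` and the `/tmp/model_ccache_<pid>` path are assumptions made for the illustration.

```c
/* Simplified model of the pam_set_data()/pam_end() contract; NOT libpam. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

typedef struct model_handle model_handle;   /* hypothetical stand-in for a PAM handle */
typedef void (*model_cleanup)(model_handle *h, void *data, int status);
struct model_item { void *data; model_cleanup fn; struct model_item *next; };
struct model_handle { struct model_item *items; };

/* Like pam_set_data(): keep the data and the callback that disposes of it. */
static int model_set_data(model_handle *h, void *data, model_cleanup fn) {
    struct model_item *it = malloc(sizeof *it);
    if (!it) return -1;
    it->data = data; it->fn = fn; it->next = h->items; h->items = it;
    return 0;
}

/* Like pam_end(): the only place where the registered callbacks fire. */
static void model_end(model_handle *h, int status) {
    while (h->items) {
        struct model_item *it = h->items;
        h->items = it->next;
        if (it->fn) it->fn(h, it->data, status);
        free(it);
    }
}

/* Callback that removes a credentials cache file (the pam_krb5 use the message names). */
static void ccache_cleanup(model_handle *h, void *data, int status) {
    (void)h; (void)status;
    unlink((const char *)data);
    free(data);
}

/* One login/logout cycle; returns 1 if the cache file outlives the session. */
int ccache_left_behind(int end_called) {
    model_handle h = { NULL };
    char path[64], *owned = malloc(sizeof path);
    if (!owned) return -1;
    snprintf(path, sizeof path, "/tmp/model_ccache_%ld", (long)getpid()); /* constructed */
    snprintf(owned, sizeof path, "%s", path);
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0) { free(owned); return -1; }
    close(fd);
    if (model_set_data(&h, owned, ccache_cleanup)) { unlink(path); free(owned); return -1; }
    if (end_called) model_end(&h, 0);     /* normal teardown */
    int left = (access(path, F_OK) == 0); /* state a CLOSE_SESSION "no" exit would leave */
    model_end(&h, 0);                     /* tidy up the sample itself */
    return left;
}
```

`ccache_left_behind(1)` models the normal teardown and `ccache_left_behind(0)` models the path where the handle is dropped without the final call, which is the case the message warns about.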