On Tue, Sep 03, 2013 at 02:26:37PM +0400, Lev Serebryakov wrote: > Hello, Dag-Erling. > You wrote 3 сентября 2013 г., 13:38:48: > > >> And how in this case can be resolved situation with PAM credentials > >> (Kerberos credentials in may case)? > DES> The application does not need them. > They are written to disk with pam_open_session() and this call should be > called by sshd, not some "authorization daemon", if I understand situation > right. Or don't I?
Written to disk with pam_setcred(), not pam_open_session(). And yes, by sshd, after drop priveleges. And set KRB5CCNAME. "authorization daemon" can't be set environment in other process. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
