From 5dedbf0d4b872f6f730395693c54c614eb0057e4 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Wed, 20 Nov 2002 18:12:09 +0000 Subject: [PATCH] Update KerberosV task to note that pam_kerberosV bugs seem largely to have been resolved. Some still remain regarding OpenSSH/OpenPAM. Add a task item relating to the lastlog permission denied warning from OpenSSH, and set ownership to DES. --- en/releases/5.0R/todo.sgml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/en/releases/5.0R/todo.sgml b/en/releases/5.0R/todo.sgml index 6f561869de..96e200e2dd 100644 --- a/en/releases/5.0R/todo.sgml +++ b/en/releases/5.0R/todo.sgml @@ -1,7 +1,7 @@ - + %includes; ]> @@ -178,7 +178,8 @@ KerberosV, OpenSSH, and PAM In progress markm@FreeBSD.org, nectar@FreeBSD.org - KerberosV appears not to currently work with OpenSSH using PAM. + KerberosV appears not to currently work with OpenSSH using PAM. + Bugs relating to pam_kerberosV have in large part been fixed. @@ -246,6 +247,17 @@ for tirpc unix domain socket transport naming, to sync to NetBSD. + + OpenSSH reports lastlog warning + -- + des@FreeBSD.org + OpenSSH appears to invoke the PAM session code in the wrong process + when running with privsep, resulting in warnings of the form + "Nov 20 18:08:55 u60 sshd[2002]: /var/log/lastlog: Permission denied". + This may be a bug that requires reworking OpenSSH to work properly + with PAM, but should be resolved in some form for the release. + + &footer;