OpenSSH with Wilkinson patch on Mac OS X 10.2
Sam Hartman
hartmans at MIT.EDU
Sun Sep 29 20:21:00 EDT 2002
>>>>> "Steven" == Steven Michaud <smichaud at pobox.com> writes:
Steven> By bootstrap server do you mean the sshd child process
Steven> that runs as the client and handles terminal emulation on
Steven> the server side? If so, you're right.
No, I do not.
Steven> By the way, do you think that seteuid() and setegid() are
Steven> misbehaving on OS X? Would I have had to go to the same
Steven> lengths on a different OS?
No. I suspect that seteuid is working as well as it can given the OSX
architecture.
One annoying problem is that you really want the credentials to be
written out before PAM modules are called so that PAM modules can use
the credentials. However you also want PAM to run as root for most of
its activity; I am not quite sure that the requirements of having PAM
run as root and having the credentials written out after setuid() can
both be satisfied.
So, you may have to have a different code path on OSX than on other
PAM-using operating systems.
More information about the krbdev
mailing list