OpenSSH, PAM and kerberos
Dag-Erling Smørgrav
des at des.no
Mon Sep 2 17:36:58 UTC 2013
Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
> Hmmm, now I try to compile sshd with UNSUPPORTED_POSIX_THREADS_HACK and
> it works (/tmp/krb5cc_NNNN created, kerberosied login to other host
> working w/o entering password).
So they didn't break the thread version? You shouldn't use it, though,
as the rest of OpenSSH is not thread-safe. The threads are only
partially synchronized, and service modules may for instance call
getpwent() and thereby clobber global state which OpenSSH relies on.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list