sshd hardcodes SSHD_PAM_SERVICE
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openssh (Debian) | Fix Released | Unknown | | |
openssh (Ubuntu) | Fix Released | Medium | Colin Watson | |
Bug Description
Line 99 of openssh-
$(MAKE) -C build-deb -j 2 ASKPASS_
From auth-pam.h:
#if !defined(
# define SSHD_PAM_SERVICE __progname
#endif
This macro is then used in the pam_start() call in auth-pam.c. The result of this is that there is no way to have two separate sshd processes with different PAM configurations. You can specify different sshd_config files, sure, but they end up using the same PAM config file no matter what. The expected behaviour is that if you symlink /usr/sbin/sshd-opie to /usr/sbin/sshd and start it using the sshd-opie symlink, it should be using /etc/pam.
It would be much better if the binary didn't hardcode this, or at least provided some way of overriding the PAM service name at run-time.
I think this bug stems from Debian. I know it's not unusual for Debian packages to have eccentric limitations and modifications added, but I hope it can be fixed in Ubuntu anyway.
Tore
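The behaviour the report describes, modelled as an added example (not part of the report and not OpenSSH or Debian code): how the name handed to pam_start() selects the policy file, with and without a build-time name. The function names and the `fixed-service` value are hypothetical, and the `/etc/pam.d/<service>` layout is the Linux-PAM per-service convention.

```c
#include <stdio.h>
#include <string.h>

/* Basename of argv[0], the usual way a program name is derived. */
static const char *progname_of(const char *argv0)
{
    const char *slash = strrchr(argv0, '/');
    return (slash != NULL && slash[1] != '\0') ? slash + 1 : argv0;
}

/*
 * Service name that would be passed to pam_start().
 * build_define models a name fixed at compile time; NULL means the
 * macro was not predefined, so the program-name fallback applies.
 */
static const char *pam_service_for(const char *argv0, const char *build_define)
{
    return build_define != NULL ? build_define : progname_of(argv0);
}

/* Writes the per-service policy path into out; 0 on success, -1 if truncated. */
static int pam_policy_path(const char *argv0, const char *build_define,
                           char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "/etc/pam.d/%s",
                     pam_service_for(argv0, build_define));
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Invocation paths from the report; the fixed name is a constructed placeholder. */
    const char *links[] = { "/usr/sbin/sshd", "/usr/sbin/sshd-opie" };
    const char *fixed = "fixed-service";
    char path[128];

    for (size_t i = 0; i < sizeof links / sizeof links[0]; i++) {
        if (pam_policy_path(links[i], NULL, path, sizeof path) == 0)
            printf("%-20s fallback  -> %s\n", links[i], path);
        if (pam_policy_path(links[i], fixed, path, sizeof path) == 0)
            printf("%-20s hardcoded -> %s\n", links[i], path);
    }
    return 0;
}
```

With the fallback, each symlink name gets its own policy file; with a build-time name, both invocations resolve to the same file regardless of which sshd_config they load.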
Changed in openssh: status: Unknown → New
Changed in openssh: status: New → Fix Released
You might like to be aware that the Debian maintainer and the main Ubuntu maintainer for openssh are the same person, namely me. Having a go at Debian in Ubuntu bug reports often does not get the response you might be looking for ...
This is Debian bug #255870. I've been meaning to fix it for a while, but the pain of moving conffiles around is such that something else has always ended up higher on my list.