- (djm) Move PAM init to after fork for non-Solaris derived PAMs

2 files changed, 12 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index 0d09f9b7..6f743c78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,7 @@
    <markm@swoon.net>
  - (djm) Search for -lcrypt on FreeBSD too
  - (djm) fatal() on OpenSSL version mismatch
+ - (djm) Move PAM init to after fork for non-Solaris derived PAMs
 
 20010226
  - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
@@ -4145,4 +4146,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.830 2001/02/26 22:20:57 djm Exp $
+$Id: ChangeLog,v 1.831 2001/02/26 22:28:23 djm Exp $
diff --git a/session.c b/session.c
index ee14afa6..d4053b4c 100644
--- a/session.c
+++ b/session.c
@@ -487,7 +487,8 @@ do_exec_no_pty(Session *s, const char *command, struct passwd * pw)
 
 	session_proctitle(s);
 
-#ifdef USE_PAM
+#if defined(USE_PAM) && defined(PAM_SUN_CODEBASE)
+	/* Solaris-derived PAMs don't like doing this after the fork() */
 	do_pam_setcred();
 #endif /* USE_PAM */
 
@@ -603,10 +604,11 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
 	ptyfd = s->ptyfd;
 	ttyfd = s->ttyfd;
 
-#ifdef USE_PAM
+#if defined(USE_PAM) && defined(PAM_SUN_CODEBASE)
+	/* Solaris-derived PAMs don't like doing this after the fork() */
 	do_pam_session(pw->pw_name, s->tty);
 	do_pam_setcred();
-#endif /* USE_PAM */
+#endif
 
 	/* Fork the child. */
 	if ((pid = fork()) == 0) {
@@ -1032,6 +1034,11 @@ do_child(const char *command, struct passwd * pw, const char *term,
 #endif /* WITH_IRIX_ARRAY */
 #endif /* WITH_IRIX_JOBS */
 
+#if defined(USE_PAM) && !defined(PAM_SUN_CODEBASE)
+	/* Solaris-derived PAMs don't like doing this after the fork() */
+	do_pam_session(pw->pw_name, s->tty);
+	do_pam_setcred();
+#endif
 
 	/* login(1) is only called if we execute the login shell */
 	if (options.use_login && command != NULL)