[util-linux-2.8- The following comment can be found in util-linux-2.8/login-utils/login.c: /* There was some junk with fork()/exec()/signal()/wait() here that was incorrect, and util-linux-2.7-11.src.rpm contains a patch that makes the fork entirely useless. If you introduce one again, please document in the source what its purpose is. - aeb */ PAM_END; Will someone please track down "aeb" and make him read the PAM documentation, followed by an overview of Kerberos? I was not amused to discover that our Kerberos tickets and AFS tokens (similar) were being destroyed immediately because the above brokenness invokes pam_close_session() to destroy the tickets/tokens before exec()ing the user's shell instead of at logout. PAM is now fairly useless for its intended purpose except in cases where it doesn't buy one anything. I have worked around this problem locally for AFS tokens; the solution for Kerberos was to replace /bin/login with a non-PAMified Kerberized version until such time as it can be fixed properly.
Restored the util-linux-2.7 fork/exec/wait/PAM_END. I also added your comments and e-mail address to the source. Fixed in dist-6.0/util-linux-2.9-4
*** Bug 1009 has been marked as a duplicate of this bug. *** In util-linux 2.8, a piece of code of login.c was eliminated. This code waited for the shell to end to call pam_close_session. So, the version that comes with redhat 5.2 calls pam_close_session before executing the shell instead of waiting for it to end and then close the session. The bug is fixed since util-linux-2.9c ------- Additional Comments From ayn2 02/02/99 01:24 ------- This is a duplicate of #201