> Well, is it in bugzilla? :-) > > Hmm, when I did it, pam read the xauth contents and piped them through > to xauth in the next context so no filesystem confusion existed. I > haven't touched it for something like 3 years, though, so things may > have changed. I can add it to bugzilla, but I don't think it's actually a pam_xauth bug. pam_xauth is running under the assumption that the context that it's forwarding the cookies to is going to be the actual execution context; in the case of userhelper, that's just not true. In fact, I'm pretty sure pam_xauth is behaving correctly and that userhelper is "behaving badly" by authenticating and setting up a session (mostly the last part) as one user and then executing as another. In the '<user>' case, is it possible to authenticate against the user and then open the session for root? Admittedly, even that is having userhelper handle things that probably should be done by another PAM module, but at least it would get the correct behavior in this case. -- --Shahms
Attachment:
signature.asc
Description: This is a digitally signed message part