Hi, I’m trying to develop a PAM module with OpenSSH, and I realized I need to retrieve something in a later stage that was saved in another previous stage. As far as my tests on OpenSSH 7.6 go, the password auth route goes through PAM auth, account, session, and the session stage is in a different UNIX process from the process where auth and account take place. For the key auth route, auth stage is bypassed in favor of the AuthorizedKeys or AuthorizedKeysCommand (in its own process) mechanisms, while PAM account and session stages are in the same process. Is this correct? I’m aware of https://bugzilla.mindrot.org/show_bug.cgi?id=2548, which correspond to the password route. Key route doesn’t seem to agree with it. Regardless, I haven’t seen fixes around it. And in either auth route, what do the two processes share uniquely for the same login attempt, like a session ID that I can extract? Best, Carl _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
