Hi, While trying to debug some problems I'm having with pam_ssh, I found that kdm / xdm use a different approach than su / login to calling pam_open_session(). su (and login) call setfsuid(), then pam_open_session(), then setuid(). kdm calls pam_open_session() and setuid() (without setfsuid()), thereby causing some problems to modules such as pam_ssh. And, common sense says the order should have been setuid(), then pam_open_session(). So, which is right? -az _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list
