pam_session_close() doesn't being called when rcp connection completed
Issue
-
pam_session_close() doesn't being called when rcp connection completed
-
For rsh access, you get entries for USER_START, USER_LOGIN, and USER_END:
type=USER_START msg=audit(1399006695.503:6427): user pid=24841 uid=0 auid=500 ses=726 msg='op=PAM:session_open acct="hoge" exe="/usr/sbin/in.rshd" hostname=xxxxx addr=xx.xx.xx.xx terminal=rsh res=success'
type=USER_LOGIN msg=audit(1399006695.503:6428): user pid=24841 uid=0 auid=500 ses=726 msg='op=login id=500 exe="/usr/sbin/in.rshd" hostname=xx.xx.xx.xx addr=xx.xx.xx.xx terminal=rsh res=success'
type=USER_END msg=audit(1399006695.695:6429): user pid=24841 uid=0 auid=500 ses=726 msg='op=PAM:session_close acct="hoge" exe="/usr/sbin/in.rshd" hostname=xxxxx addr=xx.xx.xx.xx terminal=rsh res=success'
- However, for rcp, you get entries for USER_START and USER_LOGIN but no USER_END:
type=USER_START msg=audit(1399007667.556:6491): user pid=25228 uid=0 auid=500 ses=731 msg='op=PAM:session_open acct="hoge" exe="/usr/sbin/in.rshd" hostname=xxxxx addr=xx.xx.xx.xx terminal=rsh res=success'
type=USER_LOGIN msg=audit(1399007667.556:6492): user pid=25228 uid=0 auid=500 ses=731 msg='op=login id=500 exe="/usr/sbin/in.rshd" hostname=xxxxx addr=xx.xx.xx.xx terminal=rsh res=success'
Environment
- Red Hat Enterprise Linux 6.2
- rsh-server-0.17-60.el6.x86_64
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
