Subject: [netatalk-admins] afpd, PAM and syslog
From: Osma Ahvenlampi (oa@spray.fi)
Date: Wed Mar 25 1998 - 14:20:03 EST
First, apologies for the choice of medium, this list most likely is
not the correct place for this. However, I just can't handle
subscribing to more mailing lists now. Besides, I couldn't find any
addresses for generic PAM related questions in my quick scan of the
PAM docs I have.
I'm running netatalk 1.4b2 + asun2.0a18.2, built as per the RPM I
recently made for Red Hat 5.0. I just noticed a problem in the build
that, while not critical from a service standpoint, is a major annoyance
to administration; syslog messages are logged under PAM_pwdb instead
of Netatalk! You can imagine how difficult this makes sorting the
messages.
After some investigation I think this might be caused by the following:
1) afpd calls openlog() very early in the process, in fact just after
reading command line arguments, and specifically BEFORE forking for a
new user and authenticating that user.
2) PAM (pam_pwdb) apparently internally calls openlog() as well,
implicitly closing afpd's original log handle.
3) After PAM functions are called and the user is authenticated, afpd
simply uses syslog() and the messages are logged under the handle
opened by PAM.
Now, fundamentally this is an example of a major problem with the
syslog functionality; subsystems of the same process have to log under
the same service name or reset syslog handles every time they're
entered. Syslog isn't really re-entrant as it should be.
However, syslog being what it is, I don't think that can be
helped. Some workaround has to be implemented in netatalk's PAM code
instead. I _think_ that as a quick hack at least, re-opening the
syslog in the end of the PAM sections of clrtxt_passwd() and
afp_changepw() would solve my problem. I don't know if it is a
generally workable solution, though.
-- 
The universe is laughing behind your back.
Osma Ahvenlampi <oa@spray.fi>
This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:31:56 EST
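
The ident clobbering described in this message and the re-open workaround it proposes, as an added example that is not part of the original post and is not netatalk or PAM code. `fake_pam_authenticate()` is a hypothetical stand-in for pam_pwdb, the `afpd` ident is assumed, and `LOG_PERROR` is set only so the tag on each message can be captured from stderr and checked.

```c
#define _DEFAULT_SOURCE 1   /* exposes LOG_PERROR on glibc */
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

#define AFPD_IDENT "afpd"   /* assumed ident; the post only says "Netatalk" */

/* What the daemon does at startup, and again as the workaround. */
static void afpd_openlog(void) { openlog(AFPD_IDENT, LOG_PID | LOG_PERROR, LOG_DAEMON); }

/* Hypothetical stand-in for a PAM module that calls openlog() and leaves its ident set. */
static void fake_pam_authenticate(void) { openlog("PAM_pwdb", LOG_PID | LOG_PERROR, LOG_AUTH); }

/* Log one message and capture the copy LOG_PERROR writes to stderr. */
static int capture_syslog(const char *msg, char *out, size_t len)
{
    int p[2], saved;
    ssize_t n;
    if (pipe(p) != 0) return -1;
    saved = dup(STDERR_FILENO);
    dup2(p[1], STDERR_FILENO);
    syslog(LOG_INFO, "%s", msg);
    dup2(saved, STDERR_FILENO);          /* restore the real stderr */
    close(saved); close(p[1]);
    n = read(p[0], out, len - 1);        /* 0 bytes if nothing was written */
    close(p[0]);
    if (n < 0) return -1;
    out[n] = '\0';
    return 0;
}

/* Returns 1 if the first post-authentication message carries afpd's ident. */
static int ident_after_auth(int reopen, char *line, size_t len)
{
    afpd_openlog();                 /* early openlog(), before authentication */
    fake_pam_authenticate();        /* library replaces the process-wide ident */
    if (reopen) afpd_openlog();     /* workaround: re-open after the PAM section */
    if (capture_syslog("login ok", line, len) != 0) return -1;
    return strncmp(line, AFPD_IDENT "[", strlen(AFPD_IDENT) + 1) == 0;
}

int main(void)
{
    char line[256];
    printf("without re-open: %d\n", ident_after_auth(0, line, sizeof line));
    printf("with re-open:    %d\n", ident_after_auth(1, line, sizeof line));
    return 0;
}
```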