Fedora Linux Support Community & Resources Center

Home Forums Posting Rules Linux Help Fedora Set-Up Guides Ask Fedora Fedora Project
Go Back   FedoraForum.org > Fedora 17/18 > Using Fedora
Reload this Page pam_keyinit(sshd:session): Unable to change GID to 100 temporarily
FedoraForum Search
Forgot Password? Join Us!
Register All Albums FAQ Search Today's Posts Mark Forums Read

Using Fedora General support for current versions. Ask questions about Fedora and it's software that do not belong in any other forum.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 27th December 2006, 10:49 AM
libove Offline
Registered User
  
Join Date: Dec 2006
Posts: 3
pam_keyinit(sshd:session): Unable to change GID to 100 temporarily
Starting right after I upgraded an existing Fedora Core 5 system to Core 6 on December 12th, 2006, I began seeing these messages a few times a day in /var/log/secure:

"pam_keyinit(sshd:session): Unable to change GID to 100 temporarily"

Here's the full context from /var/log/secure for one specific sshd process which produced the message:

Dec 24 12:33:46 panther8 sshd[4285]: Accepted password for libove from 216.27.163.46 port 4154 ssh2
Dec 24 12:33:46 panther8 sshd[4285]: pam_unix(sshd:session): session opened for user libove by (uid=0)
[ note time difference - the two entries below are for when the SSH session ends ]
Dec 24 13:49:15 panther8 sshd[4285]: pam_keyinit(sshd:session): Unable to change GID to 100 temporarily
Dec 24 13:49:15 panther8 sshd[4285]: pam_unix(sshd:session): session closed for user libove

Searching around forums and blogs, I see several other reports of this issue, none with a resolution.

I looked in the PAM sources and found this "Unable to change..." message in the pam_keyinit module. The specific text occurs in two functions in pam_keyinit - kill_keyrings() and pam_sm_open_session(). Since the appearance of the message in /var/log/secure is at the end of the SSH session, I assume that it is actually coming from kill_keyrings(), which seems to be the sort of thing which happens at the end of an SSH session, rather than from pam_sm_open_session(), which appears to be the sort of thing which happens at the beginning of an SSH session.

GID 100 on my system is the typical "users" group.
My user ID 137 is a member of group 100.
root (uid 0) is not a member of group 100, nor is the SSH Privilege Separation user (uid 74) a member of group 100.

I've been around UNIX since the mid-1980s, and I admit that I am unfamiliar with these newfangled things like PAM.

I do not get the impression that this is an actual security problem, and it does not appear to cause any operational problem. Nonetheless, I prefer nice clean log files, so I'd like to understand this and get it fixed.

Thanks
-Jay Libove, CISSP
Atlanta, GA, US
Reply With Quote
Reply

Tags
100, change, gid, pamkeyinitsshdsession, temporarily, unable

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
can't change sshd port 22to something else Comrad Servers & Networking 11 14th September 2009 08:16 AM
How do I change session upon logging in? anchorschmidt Using Fedora 6 20th August 2009 01:46 PM
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied sumanc Using Fedora 9 28th March 2008 06:37 AM


Current GMT-time: 13:22 (Saturday, 25-05-2013)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.
Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

 FedoraForum is Powered by RedHat