- (djm) Move PAM session setup back to before setuid to user. Fixes

problems on Solaris-derived PAMs.

ChangeLog

@@ -1,3 +1,7 @@
+20010215
+ - (djm) Move PAM session setup back to before setuid to user. Fixes 
+   problems on Solaris-derived PAMs.
+
 20010214
  - (djm) Don't try to close PAM session or delete credentials if the
    session has not been open or credentials not set. Based on patch from 
@@ -3925,4 +3929,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.759 2001/02/13 18:45:00 stevesk Exp $
+$Id: ChangeLog,v 1.760 2001/02/15 00:32:15 djm Exp $

session.c

@@ -1016,6 +1016,10 @@ do_child(const char *command, struct passwd * pw, const char *term,
 #endif /* WITH_IRIX_ARRAY */
 #endif /* WITH_IRIX_JOBS */
 
+#ifdef USE_PAM
+	do_pam_session(pw->pw_name, ttyname);
+	do_pam_setcred();
+#endif /* USE_PAM */
 
 	/* login(1) is only called if we execute the login shell */
 	if (options.use_login && command != NULL)
@@ -1129,11 +1133,6 @@ do_child(const char *command, struct passwd * pw, const char *term,
 	shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
 #endif
 
-#ifdef USE_PAM
-	do_pam_session(pw->pw_name, ttyname);
-	do_pam_setcred();
-#endif /* USE_PAM */
-
 #ifdef AFS
 	/* Try to get AFS tokens for the local cell. */
 	if (k_hasafs()) {