# This issue has been raised with the upstream OpenSSH community:
#
# 2426 OpenSSH doesn't need the second call to do_pam_setcred() on non-Linux
# platforms
#
# The OpenSSH maintainers added a call to do_pam_setcred() in
# platform_setusercontext_post_groups() with no corresponding bugID along with
# a befuddling comment that initgroups(3C) wipes out supplementary groups:
#
#
# This only applies in the Linux world if the LinuxPAM pam_group(8) module
# has been installed and configured which allows one to assign additional
# secondary groups to a user using /etc/security/group.conf in addition to
# /etc/group. To confuse things a bit more, there is an OpenPAM PAM module
# of the same name, pam_group(8), which has different functionality, it
# performs access control based on group membership.
#
# In short, this additional call to do_pam_setcred() is Linux-specific and
# shouldn't be called on Solaris.
#
diff -pur old/platform.c new/platform.c
--- old/platform.c 2015-07-02 04:21:38.155790601 -0700
+++ new/platform.c 2015-07-02 05:11:06.302125686 -0700
@@ -145,7 +145,7 @@ platform_setusercontext(struct passwd *p
void
platform_setusercontext_post_groups(struct passwd *pw)
{
-#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
+#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) && !defined(PAM_SUN_CODEBASE)
/*
* PAM credentials may take the form of supplementary groups.
* These will have been wiped by the above initgroups() call.