# This issue has been raised with the upstream OpenSSH community:
#
# 2426 OpenSSH doesn't need the second call to do_pam_setcred() on non-Linux
#      platforms
# https://bugzilla.mindrot.org/show_bug.cgi?id=2426
#
# The OpenSSH maintainers added a call to do_pam_setcred() in
# platform_setusercontext_post_groups() with no corresponding bugID along with
# a befuddling comment that initgroups(3C) wipes out supplementary groups:
#
#https://anongit.mindrot.org/openssh.git/commit/platform.c?id=cc12418e18242ce1f61d7035da4956274ba13a96
#
# This only applies in the Linux world if the LinuxPAM pam_group(8) module
# has been installed and configured which allows one to assign additional
# secondary groups to a user using /etc/security/group.conf in addition to
# /etc/group.  To confuse things a bit more, there is an OpenPAM PAM module
# of the same name, pam_group(8), which has different functionality, it
# performs access control based on group membership.
#
# In short, this additional call to do_pam_setcred() is Linux-specific and
# shouldn't be called on Solaris.
#
diff -pur old/platform.c new/platform.c
--- old/platform.c	2015-07-02 04:21:38.155790601 -0700
+++ new/platform.c	2015-07-02 05:11:06.302125686 -0700
@@ -145,7 +145,7 @@ platform_setusercontext(struct passwd *p
 void
 platform_setusercontext_post_groups(struct passwd *pw)
 {
-#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
+#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) && !defined(PAM_SUN_CODEBASE)
 	/*
 	 * PAM credentials may take the form of supplementary groups.
 	 * These will have been wiped by the above initgroups() call.