Suggestion: Disable PrivilegeSeparation by default

Rene Klootwijk rene at klootwijk.org
Fri Dec 13 22:45:20 EST 2002


PrivilegeSeparation seems to be a valuable option, however at its
current maturity level it is the cause of several problems. Just to name
a few:
- Incompatible with BSM auditing on Solaris
- Incompatible with PAM password aging (for this reason??? the code to
handle password expiration has been disabled without ANY notice)
- Causes core dumps on HP-UX
 
I think PrivilegeSeparation should be disabled by default, and not
enabled by default as is the case right now. Even better is to make the
PrivilegeSeparation support configurable at compile time; when you do
not want it, it will not be in the binary. As soon as the
PrivilegeSeparation code is mature and does not cause all these
problems, it can be enabled by default again.
 
Another thing, when features such as PAM password aging are no longer
supported in new releases (e.g. because the code has been commented
out), there should be a clear warning of this. In my case, disabling the
PAM password expiry code resulted in users not being able to change
their password and access the system anymore, some weeks after we
upgraded from openssh-3.1p1 to openssh-3.4p1.
 
Regards,
Rene.