Suggestion: Disable PrivilegeSepartion by default

Darren Tucker dtucker at zip.com.au
Sat Dec 14 01:41:06 EST 2002


Rene Klootwijk wrote:
> Markus Friedl wrote:
> > openssh has no BSM support.
> Taken from Bugzilla Bug 125 description: [snip patch description]

That comment refers to a proposed patch attached to the bug. It's not
part of openssh.

[PAM + privsep + password againg problems]
> > it's not only related to PrivilegeSeparation
> What else plays a role? In version 3.1p1 password aging worked
> perfectly.

For you maybe (and for me too for that matter) but there seem to be some
configurations that don't work.

See http://bugzilla.mindrot.org/show_bug.cgi?id=129#c2

"removing root credentials would break the rpc services that
use secure rpc on this host!
root may use keylogout -f to do this (at your own risk)!"

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



More information about the openssh-unix-dev mailing list