Suggestion: Disable PrivilegeSepartion by default
Darren Tucker
dtucker at zip.com.au
Sat Dec 14 01:41:06 EST 2002
Rene Klootwijk wrote:
> Markus Friedl wrote:
> > openssh has no BSM support.
> Taken from Bugzilla Bug 125 description: [snip patch description]
That comment refers to a proposed patch attached to the bug. It's not
part of openssh.
[PAM + privsep + password againg problems]
> > it's not only related to PrivilegeSeparation
> What else plays a role? In version 3.1p1 password aging worked
> perfectly.
For you maybe (and for me too for that matter) but there seem to be some
configurations that don't work.
See http://bugzilla.mindrot.org/show_bug.cgi?id=129#c2
"removing root credentials would break the rpc services that
use secure rpc on this host!
root may use keylogout -f to do this (at your own risk)!"
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list