Suggestion: Disable PrivilegeSepartion by default

Darren Tucker dtucker at
Sat Dec 14 01:41:06 EST 2002

Rene Klootwijk wrote:
> Markus Friedl wrote:
> > openssh has no BSM support.
> Taken from Bugzilla Bug 125 description: [snip patch description]

That comment refers to a proposed patch attached to the bug. It's not
part of openssh.

[PAM + privsep + password againg problems]
> > it's not only related to PrivilegeSeparation
> What else plays a role? In version 3.1p1 password aging worked
> perfectly.

For you maybe (and for me too for that matter) but there seem to be some
configurations that don't work.


"removing root credentials would break the rpc services that
use secure rpc on this host!
root may use keylogout -f to do this (at your own risk)!"

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list