Trusted HP-UX 10.26
Ben Lindstrom
mouring at etoh.eviladmin.org
Tue Mar 26 19:24:55 EST 2002
On Tue, 26 Mar 2002, Darren Cole wrote:
[..]
> > :diff -cr openssh-3.1p1.orig/session.c openssh-3.1p1/session.c
> > :*** openssh-3.1p1.orig/session.c Mon Feb 25 15:48:03 2002
> > :--- openssh-3.1p1/session.c Fri Mar 22 22:56:30 2002
> > :***************
> > :*** 1285,1291 ****
> > :--- 1285,1297 ----
> > : #ifdef LOGIN_NEEDS_TERM
> > : (s->term ? s->term : "unknown"),
> > : #endif /* LOGIN_NEEDS_TERM */
> > :+ #ifdef TRUSTED_HPUX
> > :+ // the "--" makes login hang on Trusted HP-UX
> > :+ // 10.26
> > :+ "-p", "-f", pw->pw_name, (char *)NULL);
> > :+ #else
> > : "-p", "-f", "--", pw->pw_name, (char *)NULL);
> > :+ #endif
> > :
> > : /* Login couldn't be executed, die. */
> >
> > do you require UseLogin yes?
>
> Yes. It seems much easier to let login taking care of checking and setting
> all that needs to be done on a CMW, instead of duplicating all of that work
> and code.
>
Reason is consistancy.
if you do X11 forwarding or 'ssh site command' it does not use /bin/login
and therefor any security that may be defined in /bin/login is effectly
by-passed.
UseLogin is a last ditch effort, not something to use by default.
- Ben
More information about the openssh-unix-dev
mailing list