Problems with UsePrivilegeSeparation (was: port fwd as user != root?

Mathias Koerber mathias at koerber.org
Wed May 29 19:52:48 EST 2002


> identd is always useless :)
Not so. identd is helpful for the onerunning it (and knowing
it's correct) to track down problems connections
(and or their users). It's useless for the remote
end to base their decisions on, as they won't know
whether the replies are faked or not..

But some sites allocate privileged based on it
(in particular,one IRC server will not allow connections
from a socket owned by 'root', which is currently my problem).

> but with privsep, the privileged process does not
> touch the network.  the call to bind() will happen
> in the 'user' process.

That should help me..

thanks




More information about the openssh-unix-dev mailing list