[Bug 423] Workaround for pw change in privsep mode (3.5.p1)

Frank Cusack fcusack at fcusack.com
Thu Nov 7 21:42:56 EST 2002


On Thu, Nov 07, 2002 at 10:52:02AM +0100, Michael Steffens wrote:
> 
>     I would say it's impossible to encapsulate such dialogs using
>     a function like you are suggesting, unless you restrict
>     to option (p), and prepare for being presented the choice,
>     of course.
> 
>     This is also the reason why I found it too complicated to
>     implement the clean solution 1) for the moment. It would
>     require to tunnel the entire conversation between session
>     daemon and monitor, rather than just doing a request/response
>     between these.

The keyboard-interactive authentication method does this (and was designed
with PAM in mind).  It won't work correctly with privsep on (AFAIK).

/fc



More information about the openssh-unix-dev mailing list