[Bug 423] Workaround for pw change in privsep mode (3.5.p1)
Frank Cusack
fcusack at fcusack.com
Thu Nov 7 21:42:56 EST 2002
On Thu, Nov 07, 2002 at 10:52:02AM +0100, Michael Steffens wrote:
>
> I would say it's impossible to encapsulate such dialogs using
> a function like you are suggesting, unless you restrict
> to option (p), and prepare for being presented the choice,
> of course.
>
> This is also the reason why I found it too complicated to
> implement the clean solution 1) for the moment. It would
> require to tunnel the entire conversation between session
> daemon and monitor, rather than just doing a request/response
> between these.
The keyboard-interactive authentication method does this (and was designed
with PAM in mind). It won't work correctly with privsep on (AFAIK).
/fc
More information about the openssh-unix-dev
mailing list