[Bug 423] Workaround for pw change in privsep mode (3.5.p1)

Michael Steffens michael_steffens at hp.com
Thu Nov 7 22:40:37 EST 2002


Frank Cusack wrote:
> On Thu, Nov 07, 2002 at 10:52:02AM +0100, Michael Steffens wrote:
> 
>>    This is also the reason why I found it too complicated to
>>    implement the clean solution 1) for the moment. It would
>>    require to tunnel the entire conversation between session
>>    daemon and monitor, rather than just doing a request/response
>>    between these.
> 
> 
> The keyboard-interactive authentication method does this (and was designed
> with PAM in mind).  It won't work correctly with privsep on (AFAIK).

Ooops, not familiar with that part.
But if it does only work with privsep off I would assume it
doesn't do conversation tunneling between session daemon
and monitor, because there is no monitor?

Or do I have an oversimplified view of the world here? :)

Cheers!
Michael




More information about the openssh-unix-dev mailing list