PrivSep on Tru64Unix boxes [was Re: OpenSSH 3.5p1, Solaris 8, BSM, cron issue]
David Komanek
xdavid at lib.natur.cuni.cz
Tue Oct 22 16:46:28 EST 2002
> BSM and privsep is pretty much in the same category as PAM and privsep.
> The BSM patch does two things, only one of which impacts the cron job
> problem. The first and most important thing it does is set up the user's
> audit mask. The second is to write login/logout audit records to the BSM
> audit log. Both of these things need uid 0 to work on Solaris.

I can confirm the same problem for Tru64Unix 5.1A with the enhanced security
option enabled. The OpenSSH login procedure with PrivSep enabled ends up with
an error on audit subsystem calls. I think it is a common issue on any
system with password security better than shadowed passwords and
no real PAMs. In this case, PrivSep appears pretty unusable for me, I
think. Or am I missing something basic?

David Komanek