tru64 sia: move call of session_setup_sia() to do_setusercontext(), letting grantpty() and friends handle pty perms

Chris Adams cmadams at hiwaay.net
Fri Sep 13 06:31:53 EST 2002


Once upon a time, Toni L. Harbaugh-Blackford <harbaugh at nciaxp.ncifcrf.gov> said:
> Does anyone see any other problems with moving session_setup_sia() to
> do_setusercontext() when privsep is in use?  Any comments on the
> list above?

The biggest one is that you lose functionality from the SIA layer.  If
SIA doesn't have a terminal, it can't tell the user their password is
expired or their account is locked (or the last successful and failed
logins), the user can't change expired password at login, etc.  Any of
that will just cause the connection to fail silently, which IMHO is not
acceptable.

Obviously right now, the connection will fail silently for non-TTY
logins to locked accounts, etc., but an TTY login will give the user the
error.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.



More information about the openssh-unix-dev mailing list