Requirement for sshd account since 4.4p1
Corinna Vinschen
vinschen at redhat.com
Fri Oct 27 18:36:59 EST 2006
Hi,
there's a change made to 4.4p1, which gave some irritation on the Cygwin
mailing list. It's a change from 20060907:
- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
Magnus Abrante; suggestion and feedback dtucker@
NB. this change will require that the privilege separation user must
exist on all the time, not just when UsePrivilegeSeparation=yes
This fix for a Solaris specific problem forces everyone - even
non-Solaris users - to have a sshd account on the system.
This leaves behind users which have no admin access to their boxes and
just want to start a private sshd which allows to logon with their own
account.
Looking into the source code it looks like this patch was never meant
to be something other than temporary:
struct passwd *
fakepw(void)
{
[...]
fake.pw_uid = (uid_t)-1;
fake.pw_gid = (gid_t)-1;
fake.pw_uid = privsep_pw->pw_uid;
fake.pw_gid = privsep_pw->pw_gid;
So my question, are there plans to get this working as before at least
for non-Solaris users?
Thanks,
Corinna
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
More information about the openssh-unix-dev
mailing list