Requirement for sshd account since 4.4p1

Corinna Vinschen vinschen at redhat.com
Fri Oct 27 18:36:59 EST 2006


Hi,


there's a change made to 4.4p1, which gave some irritation on the Cygwin
mailing list.  It's a change from 20060907:

 - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
   be used to drop privilege to; fixes Solaris GSSAPI crash reported by
   Magnus Abrante; suggestion and feedback dtucker@
   NB. this change will require that the privilege separation user must
   exist on all the time, not just when UsePrivilegeSeparation=yes

This fix for a Solaris-specific problem forces everyone - even
non-Solaris users - to have an sshd account on the system.

This leaves behind users who have no admin access to their boxes and
just want to start a private sshd which allows them to log on with their
own account.

Looking into the source code, it looks like this patch was never meant
to be something other than temporary:

struct passwd *
fakepw(void)
{
[...]
        fake.pw_uid = (uid_t)-1;
        fake.pw_gid = (gid_t)-1;
        fake.pw_uid = privsep_pw->pw_uid;
        fake.pw_gid = privsep_pw->pw_gid;

So my question: are there plans to get this working as before, at least
for non-Solaris users?


Thanks,
Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat


