Privilege Separation Design Question

Daniel Kahn Gillmor dkg at
Fri Jul 1 00:04:17 EST 2011

On 06/30/2011 09:48 AM, Hans Harder wrote:
> Also if you do that in the middle of automatic script activity, I have
> no idea what will go wrong

I agree, this strikes me as a disaster waiting to happen.

Eric, have you considered doing re-authorization without
re-authentication?  It seems to me that you could take that approach
much more cleanly (and simply terminate any ongoing connections that are
found to be no-longer-authorized).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the openssh-unix-dev mailing list