Solaris BSM audit support

Nico Kadel-Garcia nkadel at gmail.com
Sat Feb 25 00:15:00 EST 2012


On Thu, Feb 23, 2012 at 8:34 PM, Leo Liou <leo.liou at centrify.com> wrote:

> Thanks for responding.
> Yes. We are software vendor (www.centrify.com).
> I have several customers asked me about this - they would like to use
> openssh rather than Sun's stock sshd which has other (unrelated) issues.
> BSM is the issue that stands in the way right now.
> They saw the experimental designation, and just backed off, hence the
> email to you.
> So, I think the point is if they run into issue, can they (or we) get some
> help to look into it and possibly get fix.
> Thanks.
>
> Hi, Leo:

I've used Centrify's OpenSSH and related tools for genuine single-sign-in
for Linux servers and Windows clients. They provided updated Putty and
OpenSSH servers with GSSAPI for RHEL 3, RHEL 4 and RHEL 5 servers. Good,
useful stuff, especially with the Active Directory integration for mixed
environments.

Have you folks seen any BSM issues? I'd expect your clients who've
activated this to be some of the best test beds to verify its effectiveness.

Leo, did you guys ever straighten out the "compile OpenSSH for the
particular Linux distribution, don't assume OpenSSH compiled on older
distributions will operate on the most recent release" issue? You used to
publish only the RHEL 3 RPM's for RHEL based Linux, and I'm the one who
sent the "xauth moved since then, you need to recompile on RHEL 5 or edit
sshd_config" workaround.


More information about the openssh-unix-dev mailing list