[Bug 2358] allow sshd to "redirect" to another local user
bugzilla-daemon at bugzilla.mindrot.org
Fri Nov 13 14:19:07 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2358
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
(In reply to Darren Tucker from comment #1)
> Thinking about this one I think it would be possible to fit into the
> Match framework but I'm struggling to think of an example of where
> it would actually be useful. Why would you want to do such a thing?
>
> As for security implications: it might upset privsep (in general it
> does not allow changing of usernames once started). It would have
> to be explicitly configured by the system administrator.
I know of one case where system administrators wanted to implement a
"catch-all" user. They did this by hacking getpwnamallow() to look up a
single account for all users. We could do a "ForceUser" option that did
something similar I guess.
It does mean that authctxt->user wouldn't be the same as
authctxt->pw->pw_name and a couple of things depend on this, e.g. s/key