making openssh work with chroot()'ed accounts?
Andrew Bartlett
abartlet at pcug.org.au
Tue Sep 18 23:01:35 EST 2001
James Ralston wrote:
>
> On Mon, 17 Sep 2001 mouring at etoh.eviladmin.org wrote:
>
> > Yes. Maintaining such machinery [replicated programs/libraries for
> > chroot'ed directory structures] is nasty, IMHO.. =) But I tend to
> > deploy chroot() sparingly.
>
> To some degree, I agree, but IMO it's a small price to pay for being
> able to run something in a chroot() environment.
>
> > Sorry, I will not claim to understand PAM in some respects. I know
> > that PAM does not always act the same on every platform (Seems HP/UX
> > vs Solaris to be the major waring parties. =).
>
> Well, let me ask this: do you approve of this method?
>
> I don't think it will too difficult to patch sshd to always use
> do_pam_session, and do it appropriately (famous last words, I know).
> It might work, it might not; I'll have to test it to see.
It appears to be fixed in current CVS, as there was a in 'interesting'
discussion on Bugtraq about this a couple of months ago :-), and various
mailing and patches from people on this list before that.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Samba Team member, Build Farm maintainer abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the openssh-unix-dev
mailing list