Trusted HP-UX 10.26

Ben Lindstrom mouring at etoh.eviladmin.org
Tue Mar 26 19:24:55 EST 2002


On Tue, 26 Mar 2002, Darren Cole wrote:

[..]
> > :diff -cr openssh-3.1p1.orig/session.c openssh-3.1p1/session.c
> > :*** openssh-3.1p1.orig/session.c Mon Feb 25 15:48:03 2002
> > :--- openssh-3.1p1/session.c Fri Mar 22 22:56:30 2002
> > :***************
> > :*** 1285,1291 ****
> > :--- 1285,1297 ----
> > :  #ifdef LOGIN_NEEDS_TERM
> > :        (s->term ? s->term : "unknown"),
> > :  #endif /* LOGIN_NEEDS_TERM */
> > :+ #ifdef TRUSTED_HPUX
> > :+    // the "--" makes login hang on Trusted HP-UX
> > :+    // 10.26
> > :+       "-p", "-f", pw->pw_name, (char *)NULL);
> > :+ #else
> > :        "-p", "-f", "--", pw->pw_name, (char *)NULL);
> > :+ #endif
> > :
> > :    /* Login couldn't be executed, die. */
> >
> > do you require UseLogin yes?
>
> Yes.  It seems much easier to let login taking care of checking and setting
> all that needs to be done on a CMW, instead of duplicating all of that work
> and code.
>
Reason is consistancy.

if you do X11 forwarding or 'ssh site command'  it does not use /bin/login
and therefor any security that may be defined in /bin/login is effectly
by-passed.

UseLogin is a last ditch effort, not something to use by default.

- Ben




More information about the openssh-unix-dev mailing list