Requirement for sshd account since 4.4p1

Corinna Vinschen vinschen at redhat.com
Sat Oct 28 03:05:58 EST 2006


On Oct 28 01:13, Damien Miller wrote:
> On Fri, 27 Oct 2006, Corinna Vinschen wrote:
> > Right, but this is for circumventing a bug in a small number of
> > systems while the effect is visible on all systems. The fact that this
> > is also visible in sshd's which are not built with GSSAPI support at
> > all is another point.
> 
> The alternative of adding yet another platform-specific code path is
> exactly what we are trying to get away from.
> 
> > As a short term solution I would suggest that sshd doesn't exit
> > prematurely when it can't find the sshd account, but only later if
> > it finds that the sshd account is required for operation, like, for
> > instance, GSSAPI on Solaris, or if privilege separation is actually
> > requested.
> 
> I don't think it makes sense to have a sshd that fails at random times
> once it has successfully started. Better to be clear at the beginning.

I understand that simple point, but I don't understand the argumentation.
This change leaves users behind who have been using sshd for a long
time in a specific manner.  This has nothing to do with Cygwin or, FWIW,
any platform.  Maybe you could avoid a platform-specific code path this
way but now *all* platforms have to live with the consequences of a
patch for the sake of just one broken system, Solaris with GSSAPI.


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat



More information about the openssh-unix-dev mailing list