About OpenSSH PrivSep

From: Bill R. Williams (brwms@etsu.edu)
Date: Wed Sep 24 2003 - 08:38:09 EDT


Question for those of you who are using OpenSSH -- especially those
who built the newer (7.1.1p1) versions...

Are you running with the 'UsePrivilegeSeparation yes' active?
If not:
        Did you configure using the '--without-privsep...' options?

        Or did you keep the '--with-privsep-user...' options and
        specify 'UsePrivilegeSeparation yes'

In digging around for the latest/best advice from the docs/packages
available I have noticed only one sentence (from Jan 2003
sun/blueprints document "Building OpenSSH -- Tools and Tradeoffs")
which suggests:
        --with-pam
        --without-privsep-user/path
                This argument disables privilege separation due to PAM
                interaction.

However, I see no dire warnings from the contrib/solaris files in the
OpenSSH-7.1.1p1.tar.gz package.

What PAM interactions are we talking about?
Unless there is some real reason I would feel better having
'--with-privser...' at least built in; I could then set the
'UsePrivilegeSeparation no' to disable it.

-- 
 ---------------------------------------------
 Bill R. Williams               <brw@etsu.edu>
 ------------------------ ETSU Library Systems
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers


This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:27:10 EDT