About OpenSSH PrivSep

2007-12-25 2:03:00

Question for those of you who are using OpenSSH -- especially those
who built the newer (7.1.1p1) versions...

Are you running with the 'UsePrivilegeSeparation yes' active?
If not:
Did you configure using the '--without-privsep...' options?

Or did you keep the '--with-privsep-user...' options and
specify 'UsePrivilegeSeparation yes'?

In digging around for the latest/best advice from the docs/packages
available I have noticed only one sentence (from Jan 2003
sun/blueprints document "Building OpenSSH -- Tools and Tradeoffs")
which suggests:
    --with-pam
    --without-privsep-user/path
    This argument disables privilege separation due to PAM
    interaction.

However, I see no dire warnings from the contrib/solaris files in the
OpenSSH-7.1.1p1.tar.gz package.

What PAM interactions are we talking about?
Unless there is some real reason, I would feel better having
'--with-privsep...' at least built in; I could then set
'UsePrivilegeSeparation no' to disable it.

--
---------------------------------------------
Bill R. Williams <brw at etsu.edu>
------------------------ ETSU Library Systems
