On Tue, 1 Apr 2014, Corinna Vinschen wrote: > I'm not sure I can follow. Do you mean we should make sure that a > machine account sshd always exists and use that? > > The problem is, sshd would still call getpwent("sshd"). This would work > for machine accounts on non-domain machines and for primary domain > accounts on domain member machines, but it would fail for a machine > account on a domain member machine when using the default account naming > rules. And if the admin changed them to "always prepend domain name", > there would not be a "sshd" account at all. I'm suggesting changing the account that sshd tries to look up. If it always uses ${machine}\sshd then will it work? (Assuming the host setup script ensures this account exists) -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev