Re: SSH_PRIVSEP_USER configurable at runtime?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

Corinna Vinschen wrote:
> On non-domain machines the account
> name will be "sshd", not "${machine}+sshd".  Except if the admin
> specifies that the domain is always prepended, which makes it
> "${machine}+sshd" again.  And if the admin specifies the separator char
> to be not '+' but, for instance '#', the account name will be
> "${machine}#sshd".
> 
> All that knowledge would have to go into sshd.c.

FWIW I think this is the right solution.


> Isn't it much easier and less convoluted to allow specifying the
> account name in sshd_config?

But less right, if only because if the admin changes those settings
then they need to go touch config files for no real reason.


//Peter

Attachment: pgpN7XsC1s0sP.pgp
Description: PGP signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux