OpenSSH and PAM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



--df+09Je9rNq3P+GE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jul 11, 2002 at 12:20:24AM +0400, Solar Designer wrote:
>=20
> Not really.  PAM keyboard interactive authentication is not relevant
> to PAM password changing, and should be disabled (unless there's
> another reason to use it).

really? the documentation is a bit vague on this.

> Finally, I did a patch to re-enable password changes, without the
> nasty side effect which was the reason to disable that code, for the
> non-privsep case in the OpenSSH 3.4p1 package in Owl (our distribution,
> http://www.openwall.com/Owl/).  The patch is freely available as a
> part of Owl (in the native tree).  To this message I've attached just
> the two patches relevant to making password changing work again in
> 3.4p1.  Our OpenSSH package contains many other patches (11 total).

is there any way to fix it for the privsep case?  since it seems clear
that sshd is full of holes turning off privsep is a very bad idea.

--=20
Ethan Benson
http://www.alaska.net/~erbenson/

--df+09Je9rNq3P+GE
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj0tMjAACgkQJKx7GixEevzlzACfXCu9q5K4kB/BOPSeFlSFAPbU
G5YAoIixqr8V9g74m+SZgh6Z4KZAnqo+
=+ZqX
-----END PGP SIGNATURE-----

--df+09Je9rNq3P+GE--





[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux