diff options
author | Darren Tucker <dtucker@zip.com.au> | 2006-11-07 11:28:40 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2006-11-07 11:28:40 +1100 |
commit | df0e438a2e4efe0422f6e0deb732d819d5938437 (patch) | |
tree | 74981130ad80db1cde7c81a662dcde2013124c40 | |
parent | 570c2ab1b619ea36a06bfbf21d88a82683cc4213 (diff) |
- (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
if we absolutely need it. Pointed out by Corinna, ok djm@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | sshd.c | 19 |
2 files changed, 16 insertions, 9 deletions
@@ -1,3 +1,7 @@ +20061107 + - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it + if we absolutely need it. Pointed out by Corinna, ok djm@ + 20061105 - (djm) OpenBSD CVS Sync - otto@cvs.openbsd.org 2006/10/28 18:08:10 @@ -2588,4 +2592,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4583 2006/11/04 18:32:02 djm Exp $ +$Id: ChangeLog,v 1.4584 2006/11/07 00:28:40 dtucker Exp $ @@ -1431,14 +1431,17 @@ main(int ac, char **av) debug("sshd version %.100s", SSH_RELEASE); - /* Store privilege separation user for later use */ - if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) - fatal("Privilege separation user %s does not exist", - SSH_PRIVSEP_USER); - memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); - privsep_pw = pwcopy(privsep_pw); - xfree(privsep_pw->pw_passwd); - privsep_pw->pw_passwd = xstrdup("*"); + /* Store privilege separation user for later use if required. */ + if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { + if (use_privsep || options.kerberos_authentication) + fatal("Privilege separation user %s does not exist", + SSH_PRIVSEP_USER); + } else { + memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); + privsep_pw = pwcopy(privsep_pw); + xfree(privsep_pw->pw_passwd); + privsep_pw->pw_passwd = xstrdup("*"); + } endpwent(); /* load private host keys */ |