- (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it

if we absolutely need it. Pointed out by Corinna, ok djm@
author: Darren Tucker <dtucker@zip.com.au> 2006-11-07 11:28:40 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2006-11-07 11:28:40 +1100
commit: df0e438a2e4efe0422f6e0deb732d819d5938437 (patch)
tree: 74981130ad80db1cde7c81a662dcde2013124c40 /sshd.c
parent: 570c2ab1b619ea36a06bfbf21d88a82683cc4213 (diff)
download: openssh-git-df0e438a2e4efe0422f6e0deb732d819d5938437.tar.gz
1 files changed, 11 insertions, 8 deletions
diff --git a/sshd.c b/sshd.c
index 06ec03b2..a5fa9e4e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1431,14 +1431,17 @@ main(int ac, char **av)
 
 	debug("sshd version %.100s", SSH_RELEASE);
 
-	/* Store privilege separation user for later use */
-	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
-		fatal("Privilege separation user %s does not exist",
-		    SSH_PRIVSEP_USER);
-	memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
-	privsep_pw = pwcopy(privsep_pw);
-	xfree(privsep_pw->pw_passwd);
-	privsep_pw->pw_passwd = xstrdup("*");
+	/* Store privilege separation user for later use if required. */
+	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+		if (use_privsep || options.kerberos_authentication)
+			fatal("Privilege separation user %s does not exist",
+			    SSH_PRIVSEP_USER);
+	} else {
+		memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+		privsep_pw = pwcopy(privsep_pw);
+		xfree(privsep_pw->pw_passwd);
+		privsep_pw->pw_passwd = xstrdup("*");
+	}
 	endpwent();
 
 	/* load private host keys */
author	Darren Tucker <dtucker@zip.com.au>	2006-11-07 11:28:40 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2006-11-07 11:28:40 +1100
commit	df0e438a2e4efe0422f6e0deb732d819d5938437 (patch)
tree	74981130ad80db1cde7c81a662dcde2013124c40 /sshd.c
parent	570c2ab1b619ea36a06bfbf21d88a82683cc4213 (diff)
download	openssh-git-df0e438a2e4efe0422f6e0deb732d819d5938437.tar.gz