diff options
author | dtucker <dtucker> | 2006-11-07 00:28:40 +0000 |
---|---|---|
committer | dtucker <dtucker> | 2006-11-07 00:28:40 +0000 |
commit | b417a8129770de6e0723845f8f7090e6eedb752f (patch) | |
tree | 7aa7fbc5869ebacdd750e39f97eb871c21faf54e | |
parent | aae5db892f3b064814d810f7ad279e3903fb0f4c (diff) | |
download | openssh-b417a8129770de6e0723845f8f7090e6eedb752f.tar.gz |
- (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
if we absolutely need it. Pointed out by Corinna, ok djm@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | sshd.c | 19 |
2 files changed, 16 insertions, 9 deletions
@@ -1,3 +1,7 @@ +20061107 + - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it + if we absolutely need it. Pointed out by Corinna, ok djm@ + 20061105 - (djm) OpenBSD CVS Sync - otto@cvs.openbsd.org 2006/10/28 18:08:10 @@ -2588,4 +2592,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4583 2006/11/04 18:32:02 djm Exp $ +$Id: ChangeLog,v 1.4584 2006/11/07 00:28:40 dtucker Exp $ @@ -1431,14 +1431,17 @@ main(int ac, char **av) debug("sshd version %.100s", SSH_RELEASE); - /* Store privilege separation user for later use */ - if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) - fatal("Privilege separation user %s does not exist", - SSH_PRIVSEP_USER); - memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); - privsep_pw = pwcopy(privsep_pw); - xfree(privsep_pw->pw_passwd); - privsep_pw->pw_passwd = xstrdup("*"); + /* Store privilege separation user for later use if required. */ + if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { + if (use_privsep || options.kerberos_authentication) + fatal("Privilege separation user %s does not exist", + SSH_PRIVSEP_USER); + } else { + memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); + privsep_pw = pwcopy(privsep_pw); + xfree(privsep_pw->pw_passwd); + privsep_pw->pw_passwd = xstrdup("*"); + } endpwent(); /* load private host keys */ |