- (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it

if we absolutely need it. Pointed out by Corinna, ok djm@
author: dtucker <dtucker> 2006-11-07 00:28:40 +0000
committer: dtucker <dtucker> 2006-11-07 00:28:40 +0000
commit: b417a8129770de6e0723845f8f7090e6eedb752f (patch)
tree: 7aa7fbc5869ebacdd750e39f97eb871c21faf54e /sshd.c
parent: aae5db892f3b064814d810f7ad279e3903fb0f4c (diff)
download: openssh-b417a8129770de6e0723845f8f7090e6eedb752f.tar.gz
1 files changed, 11 insertions, 8 deletions
diff --git a/sshd.c b/sshd.c
index 06ec03b2..a5fa9e4e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1431,14 +1431,17 @@ main(int ac, char **av)
 
 	debug("sshd version %.100s", SSH_RELEASE);
 
-	/* Store privilege separation user for later use */
-	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
-		fatal("Privilege separation user %s does not exist",
-		    SSH_PRIVSEP_USER);
-	memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
-	privsep_pw = pwcopy(privsep_pw);
-	xfree(privsep_pw->pw_passwd);
-	privsep_pw->pw_passwd = xstrdup("*");
+	/* Store privilege separation user for later use if required. */
+	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+		if (use_privsep || options.kerberos_authentication)
+			fatal("Privilege separation user %s does not exist",
+			    SSH_PRIVSEP_USER);
+	} else {
+		memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+		privsep_pw = pwcopy(privsep_pw);
+		xfree(privsep_pw->pw_passwd);
+		privsep_pw->pw_passwd = xstrdup("*");
+	}
 	endpwent();
 
 	/* load private host keys */
author	dtucker <dtucker>	2006-11-07 00:28:40 +0000
committer	dtucker <dtucker>	2006-11-07 00:28:40 +0000
commit	b417a8129770de6e0723845f8f7090e6eedb752f (patch)
tree	7aa7fbc5869ebacdd750e39f97eb871c21faf54e /sshd.c
parent	aae5db892f3b064814d810f7ad279e3903fb0f4c (diff)
download	openssh-b417a8129770de6e0723845f8f7090e6eedb752f.tar.gz