diff options
author | dtucker <dtucker> | 2006-11-07 00:28:40 +0000 |
---|---|---|
committer | dtucker <dtucker> | 2006-11-07 00:28:40 +0000 |
commit | b417a8129770de6e0723845f8f7090e6eedb752f (patch) | |
tree | 7aa7fbc5869ebacdd750e39f97eb871c21faf54e /sshd.c | |
parent | aae5db892f3b064814d810f7ad279e3903fb0f4c (diff) | |
download | openssh-b417a8129770de6e0723845f8f7090e6eedb752f.tar.gz |
- (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
if we absolutely need it. Pointed out by Corinna, ok djm@
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 19 |
1 files changed, 11 insertions, 8 deletions
@@ -1431,14 +1431,17 @@ main(int ac, char **av) debug("sshd version %.100s", SSH_RELEASE); - /* Store privilege separation user for later use */ - if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) - fatal("Privilege separation user %s does not exist", - SSH_PRIVSEP_USER); - memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); - privsep_pw = pwcopy(privsep_pw); - xfree(privsep_pw->pw_passwd); - privsep_pw->pw_passwd = xstrdup("*"); + /* Store privilege separation user for later use if required. */ + if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { + if (use_privsep || options.kerberos_authentication) + fatal("Privilege separation user %s does not exist", + SSH_PRIVSEP_USER); + } else { + memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); + privsep_pw = pwcopy(privsep_pw); + xfree(privsep_pw->pw_passwd); + privsep_pw->pw_passwd = xstrdup("*"); + } endpwent(); /* load private host keys */ |