openssh unix dev - Oct 2000 - HP-UX and trusted system

Hi,

is it possible to have only _one_ openssh binary distribution (it means compiled
by myself) wich recongnizes itself wether there is an trusted system or not?
With the commerfial stuff I have to build to variants dependeing on the security
mode - but this is quite not friendly for admins.

Regards
Stephan


--
LDS Brandenburg
Dr. Stephan Hendl
fon: +49-(0)331-39 471
fax: +49-(0)331-27548 1187
EMail: stephan.hendl at lds.brandenburg.de

Unless I'm mistaken, the only thing having HAVE_HPUX_TRUSTED_SYSTEM_PW
defined during the compile does is to call bigcrypt instead of crypt in
auth-passwd.c.  If you're not using passwords longer that 8 characters,
I'd
expect a binary built on a non-trusted system would work on a trusted one
(and it has in my limited testing).

A better solution for HPUX would probably be to have the routine call
iscomsec to see if trusted is on or off and then call the appropriate crypt
routine.

Note that I take the defaults and let it build using PAM on my systems -- if
you don't there might possibly be other problems to be taken care of.

Jim

On Mon, Oct 23, 2000 at 01:15:39PM +0200, Stephan Hendl
wrote:
> Hi,
> 
> is it possible to have only _one_ openssh binary distribution (it means
compiled by myself) wich recongnizes itself wether there is an trusted system or
not? With the commerfial stuff I have to build to variants dependeing on the
security mode - but this is quite not friendly for admins.
> 
> Regards
> Stephan