search for: useprivilegeseperation

It looks to me like GSSAPICleanupCredentials doesn't work if UsePrivilegeSeparation is set to "no". Is this a bug, or am I doing something wrong? On a related note, is there a SERVER way to disable GSSAPIDelegateCredentials?

...Host: rs6000-ibm-aix4.3.3.0 Compiler: cc Compiler flags: -g Preprocessor flags: -I/usr/local/ssl/include -I/usr/local/include Linker flags: -L/usr/local/ssl/lib -L/usr/local/lib -blibpath:/usr/lib:/lib:/usr/local/lib Libraries: -lwrap -lz -lcrypto Changing UsePrivilegeSeperation to no has no effect. Removing and creating new keys on both sides has no effect. The only changes to the sshd_config file are: PermitRootLogin no IgnoreRhosts no HostbasedAuthentication yes The only changes to the ssh_config file are: Host * ForwardX11 yes HostbasedAuthentication yes...

...nt ??7*[getty] ??rsyslogd???3*[{rsyslogd}] ??sshd???sshd???bash???ssh ? ??sshd???bash???pstree ? ??sshd???sshd ??systemd-logind ??systemd-udevd ??upstart-file-br ??upstart-socket- ??upstart-udev-br If I disable Privilege Seperation ("UsePrivilegeSeperation no") in sshd config then the problem goes away but that opens up a security loophole where the process is running at root privilege even prior to authentication. What do you guys think? Have others come across this? Is there a patch available for this? Thanks, Kam

...ression is disabled in the sshd config file, and a client attempts to connect with compression enabled, the session fails with the following error message: no matching comp found: client zlib server none This error message is produced on line 285 of kex.c (version 3.4p1). This happens with either UsePrivilegeSeperation on or off, so I do not believe it is a PrivSep issue. Am I mistaken in thinking that disabling compression on the server would simply silently disable compression for all connections to that server? -- Bruce Guenter <bruceg at em.ca> http://em.ca/~bruceg/ http://untroubled.org/ OpenPGP key:...

...ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: gmsilver at uslinux.net LDAP authentication via PAM is refused (and no logs are generated) when UsePrivilegeSeperation is enabled. Disabling PrivilegeSeperation fixes this, though sacrafices the benefits of PrivilegeSeperation. Normal unix authentication through PAM is unaffected - only pam_ldap experiences this problem. Can be duplicated under Debian Linux, Woody release. ------- You are receiving this mail...

...d has expired.\n"); if (s->ttyfd != -1) { fprintf(stderr, "You must change your password now and login again!\n"); execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); > If I disable Privilege Seperation ("UsePrivilegeSeperation no") in sshd config then the problem goes away but that opens up a security loophole where the process is running at root privilege even prior to authentication. RIght, see #3 above. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA6...