there's a change made to 4.4p1, which gave some irritation on the Cygwin
mailing list. It's a change from 20060907:

- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
Magnus Abrante; suggestion and feedback dtucker@
NB. this change will require that the privilege separation user must
exist on all the time, not just when UsePrivilegeSeparation=yes

This fix for a Solaris specific problem forces everyone - even
non-Solaris users - to have a sshd account on the system.

This leaves behind users which have no admin access to their boxes and
just want to start a private sshd which allows to logon with their own

Looking into the source code it looks like this patch was never meant
to be something other than temporary:

struct passwd *
fake.pw_uid = (uid_t)-1;
fake.pw_gid = (gid_t)-1;
fake.pw_uid = privsep_pw->pw_uid;
fake.pw_gid = privsep_pw->pw_gid;

So my question, are there plans to get this working as before at least
for non-Solaris users?


Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
openssh-unix-dev mailing list