This is a discussion on Re: Requirement for sshd account since 4.4p1 - openssh
On Oct 28 01:13, Damien Miller wrote:
> On Fri, 27 Oct 2006, Corinna Vinschen wrote:
> > Right, but this is for circumventing a bug in a small number of
> > systems while the effect is visible on all systems. The fact that this
> > is also visible in sshd's which are not built with GSSAPI support at
> > all is another point.
> The alternative of adding yet another platform-specific code path is
> exactly what we are trying to get away from.
> > As a short term solution I would suggest that sshd doesn't exit
> > prematurely when it can't find the sshd account, but only later if
> > it finds that the sshd account is required for operation, like, for
> > instance, GSSAPI on Solaris, or if privilege separation is actually
> > requested.
> I don't think it makes sense to have a sshd that fails at random times
> once it has successfully started. Better to be clear at the beginning.
I understand that simple point, but I don't understand the argumentation.
This change leaves users behind who have been using sshd for a long
time in a specific manner. This has nothing to do with Cygwin or, FWIW,
any platform. Maybe you could avoid a platform-specific code path this
way but now *all* platforms have to live with the consequences of a
patch for the sake of just one broken system, Solaris with GSSAPI.
Cygwin Project Co-Leader
openssh-unix-dev mailing list