OpenSSH and UsePrivilegeSeparation


I'm setting up a bunch of Fedora-based servers that will be
authenticating logins via pam_ldap (PAM).  I've gotten things 
running nicely, but ran into a small problem with OpenSSH.  When
a user who hasn't logged into a certain box before logs in and 
his home directory doesn't exist, I use the pam_mkhomedir.so 
module to create the directory.  However, this will barf on
OpenSSH <= 3.7 unless Privilege Separation is disabled since
after authentication is complete, the process is running as the
'ssh' user and can't write to /home (and couldn't change the
owner of the new directory to the user I want in any case).

Work-around is to turn off privilege separation, but I'm not sure
how good of an idea this is... the other option would be to upgrade
to OpenSSH 3.7.x where this problem is no longer an issue.

Any plans to bump Fedora's OpenSSH to 3.7?  Doesn't appear to be
the case in C2.  Maybe I should roll my own RPMs or just modify
my Kickstart configuration to turn off privilege separation on 
all the boxes when they're set up...

Just looking for some opinions.
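
A check an administrator could run on such servers to find the ones where privilege separation was switched off alongside pam_mkhomedir, as an added example that is not part of the original post. The function names and the sample files are constructed for illustration; real file paths are passed in by the caller.

```sh
#!/bin/sh
# Added example, not from the original post. File paths are passed in by the
# caller; the sample files written below are constructed for illustration.

# Print the effective UsePrivilegeSeparation value ("unset" if absent).
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively, so stop at the first uncommented occurrence.
privsep_setting() {
    awk '
        { gsub(/[=\t]/, " ") }          # accept "Keyword=value" and tabs
        /^ *#/ { next }
        tolower($1) == "useprivilegeseparation" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed if the PAM file has an active session line loading pam_mkhomedir.so.
uses_mkhomedir() {
    awk '
        /^[ \t]*#/ { next }
        $1 ~ /^-?session$/ && /pam_mkhomedir\.so/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# audit_host SSHD_CONFIG PAM_FILE
# Prints one summary line; returns 1 when privilege separation is turned off.
audit_host() {
    setting=$(privsep_setting "$1")
    if uses_mkhomedir "$2"; then mk=yes; else mk=no; fi
    echo "privsep=$setting mkhomedir=$mk"
    [ "$setting" != "no" ]
}

# Constructed sample: a host where the Kickstart workaround was applied.
demo_dir=$(mktemp -d)
printf '%s\n' '#UsePrivilegeSeparation yes' 'useprivilegeseparation no' \
    'UsePrivilegeSeparation yes' > "$demo_dir/sshd_config"
printf '%s\n' 'auth required pam_ldap.so' \
    'session required pam_mkhomedir.so skel=/etc/skel umask=0022' \
    > "$demo_dir/pam_sshd"
audit_host "$demo_dir/sshd_config" "$demo_dir/pam_sshd" || echo "review this host"
```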


