On Tue Aug 13, 2002 at 07:29:20PM -0400, Oden Eriksson wrote:
[...]
> > > Yes I just checked the code and it's pretty hard to remove it, and theo
> > > would probably not approve ;)
> >
> > No, Theo wouldn't approve and would end up bitching me out (again).
> > =)
>
> I've heard about it, amazin
On tisdagen den 13 augusti 2002 00.50 Vincent Danen wrote:
> On Sun Aug 11, 2002 at 02:26:39PM -0400, Oden Eriksson wrote:
>
> [...]
>
> > > > Or perhaps just ignore the privsep bsd shit and continue as before?,
> > > > the huge security hole is gone anyway...
> > >
> > > That's the problem.. you
On Fri Aug 09, 2002 at 04:34:46PM -0700, Ben Reser wrote:
> > Ok, blows have my argument away but strengthens my argument that the
> > openbsd team really don't know what they're doing.
> >
> > Why they would put their primary FTP site on Solaris when openbsd runs
> > just peachy on sparc is bey
On Sun Aug 11, 2002 at 02:26:39PM -0400, Oden Eriksson wrote:
[...]
> > > Or perhaps just ignore the privsep bsd shit and continue as before?, the
> > > huge security hole is gone anyway...
> >
> > That's the problem.. you can't. Disabling privsep doesn't remove it
> > from the code. The introd
On fredagen den 9 augusti 2002 16.28 Vincent Danen wrote:
> On Fri Aug 09, 2002 at 07:33:09PM -0400, Oden Eriksson wrote:
> > [...]
> >
> > > > The last problem _was_ with privsep disabled. It still does not work.
> > > > Sorry to ask but have you tested it? Chage user, set password change
> > > >
On Fri, Aug 09, 2002 at 02:25:11PM -0600, Vincent Danen wrote:
> Ok, blows have my argument away but strengthens my argument that the
> openbsd team really don't know what they're doing.
>
> Why they would put their primary FTP site on Solaris when openbsd runs
> just peachy on sparc is beyond me
On Fri Aug 09, 2002 at 07:33:09PM -0400, Oden Eriksson wrote:
> [...]
>
> > > The last problem _was_ with privsep disabled. It still does not work.
> > > Sorry to ask but have you tested it? Chage user, set password change
> > > time in the past and try to log in (using public key as in my case)
On Fri Aug 09, 2002 at 10:43:23AM -0700, David Walser wrote:
> > Why not refer to this? Is not the openbsd FTP site
> > running on
> > openbsd?
>
> Actually all the reports said it was (strangely)
> running Solaris, which is a POS for security. If
> that's true, it blows half your argument, al
--- Vincent Danen <[EMAIL PROTECTED]> wrote:
> Why not refer to this? Is not the openbsd FTP site
> running on
> openbsd?
Actually all the reports said it was (strangely)
running Solaris, which is a POS for security. If
that's true, it blows half your argument, although I
still agree with you.
On fredagen den 9 augusti 2002 12.48 Vincent Danen wrote:
> On Fri Aug 02, 2002 at 01:33:08PM +0400, Borsenkow Andrej wrote:
>
[...]
> > The last problem _was_ with privsep disabled. It still does not work.
> > Sorry to ask but have you tested it? Chage user, set password change
> > time in the
On Thu Aug 01, 2002 at 09:04:33PM +0200, Han wrote:
> > > that means that sshd in default installation has large bug. If
> > > privsep results in complete user lockout, then _PLEASE_ disable it
> > > by default.
> >
> > There are some little quirks with privsep and pam due to how privse
On Fri Aug 02, 2002 at 01:33:08PM +0400, Borsenkow Andrej wrote:
[...]
> > > Hmmm, I thought this was only a server side thing... Does your
> > sshd_config
> > > look like this "UsePrivilegeSeparation no" on the server, and (silly
> > > question) have you restarted the sshd (stop|start)?.
> >
>
> On Fridayen den 2 August 2002 12.19, Borsenkow Andrej wrote:
> > > > I have disabled it on server side. And I have restarted server
after
> >
> > it.
> >
> > > > With privsep enabled it fails differently (just closes
connection
> >
> > with
> >
> > > > different messages logged).
> > >
> > > Wha
On Fridayen den 2 August 2002 12.19, Borsenkow Andrej wrote:
> > > I have disabled it on server side. And I have restarted server after
>
> it.
>
> > > With privsep enabled it fails differently (just closes connection
>
> with
>
> > > different messages logged).
> >
> > What happens if you compile
> > I have disabled it on server side. And I have restarted server after
it.
> > With privsep enabled it fails differently (just closes connection
with
> > different messages logged).
>
> What happens if you compile the client without privsep?
>
Unfortunately, I have really no time to test it
On Fridayen den 2 August 2002 11.33, Borsenkow Andrej wrote:
> > On Thu Aug 01, 2002 at 03:16:35PM +0200, Oden Eriksson wrote:
> >
> > [...]
> >
> > > > > > > Disable privsep is another way to do it.
> > > > > >
> > > > > > that means that sshd in default installation has large bug. If
> > > >
> >
>
> On Thu Aug 01, 2002 at 03:16:35PM +0200, Oden Eriksson wrote:
>
> [...]
> > > > > > Disable privsep is another way to do it.
> > > > >
> > > > > that means that sshd in default installation has large bug. If
> > >
> > > privsep
> > >
> > > > > results in complete user lockout, then _PLEASE_
On Thu Aug 01, 2002 at 03:16:35PM +0200, Oden Eriksson wrote:
[...]
> > > > > Disable privsep is another way to do it.
> > > >
> > > > that means that sshd in default installation has large bug. If
> >
> > privsep
> >
> > > > results in complete user lockout, then _PLEASE_ disable it by
> >
> > d
On Thu Aug 01, 2002 at 03:02:38PM +0400, Borsenkow Andrej wrote:
> > > 20020426
> > > - (djm) Disable PAM password expiry until a complete fix for bug
> #188
> > >exists
> > >
> > > disable where?
> >
> > Disable privsep is another way to do it.
> >
>
> that means that sshd in default ins
On Thursdayen den 1 August 2002 13.59, Borsenkow Andrej wrote:
> > On Thursdayen den 1 August 2002 13.02, Borsenkow Andrej wrote:
> > > > On Thursdayen den 1 August 2002 10.03, Borsenkow Andrej wrote:
> > > > > 20020426
> > > > > - (djm) Disable PAM password expiry until a complete fix for
>
> bu
>
> On Thursdayen den 1 August 2002 13.02, Borsenkow Andrej wrote:
> > > On Thursdayen den 1 August 2002 10.03, Borsenkow Andrej wrote:
> > > > 20020426
> > > > - (djm) Disable PAM password expiry until a complete fix for
bug
> >
> > #188
> >
> > > >exists
> > > >
> > > > disable where?
> >
On Thursdayen den 1 August 2002 13.02, Borsenkow Andrej wrote:
> > On Thursdayen den 1 August 2002 10.03, Borsenkow Andrej wrote:
> > > 20020426
> > > - (djm) Disable PAM password expiry until a complete fix for bug
>
> #188
>
> > >exists
> > >
> > > disable where?
> >
> > Disable privsep is
> On Thursdayen den 1 August 2002 10.03, Borsenkow Andrej wrote:
>
> > 20020426
> > - (djm) Disable PAM password expiry until a complete fix for bug
#188
> >exists
> >
> > disable where?
>
> Disable privsep is another way to do it.
>
that means that sshd in default installation has large
On Thursdayen den 1 August 2002 10.03, Borsenkow Andrej wrote:
> 20020426
> - (djm) Disable PAM password expiry until a complete fix for bug #188
>exists
>
> disable where?
Disable privsep is another way to do it.
--
Regards // Oden Eriksson
Deserve-IT Networks -> http://d-srv.com
24 matches
Mail list logo