- (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it

   if we absolutely need it.  Pointed out by Corinna, ok djm@

diff --git a/ChangeLog b/ChangeLog
index 967550065f8619ba208646c0a87ef4d023a22a7f..68096c1b325621fddc65533a9aac5d7f8163b0a2 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20061107
+ - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
+   if we absolutely need it.  Pointed out by Corinna, ok djm@
+
 20061105
  - (djm) OpenBSD CVS Sync
    - otto@cvs.openbsd.org 2006/10/28 18:08:10

diff --git a/sshd.c b/sshd.c
index 06ec03b2041fe2e49cfd63ca7d46c79083f885de..a5fa9e4eb1ab4da9f153d8defe93fc4f1ba9458e 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -1431,14 +1431,17 @@ main(int ac, char **av)
 
        debug("sshd version %.100s", SSH_RELEASE);
 
-       /* Store privilege separation user for later use */
-       if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
-               fatal("Privilege separation user %s does not exist",
-                   SSH_PRIVSEP_USER);
-       memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
-       privsep_pw = pwcopy(privsep_pw);
-       xfree(privsep_pw->pw_passwd);
-       privsep_pw->pw_passwd = xstrdup("*");
+       /* Store privilege separation user for later use if required. */
+       if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+               if (use_privsep || options.kerberos_authentication)
+                       fatal("Privilege separation user %s does not exist",
+                           SSH_PRIVSEP_USER);
+       } else {
+               memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+               privsep_pw = pwcopy(privsep_pw);
+               xfree(privsep_pw->pw_passwd);
+               privsep_pw->pw_passwd = xstrdup("*");
+       }
        endpwent();
 
        /* load private host keys */