From: dtucker <dtucker>
Date: Tue, 7 Nov 2006 00:28:40 +0000 (+0000)
Subject:  - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
X-Git-Tag: V_4_5_P1~5
X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/4d02b823ae59e3f986005c11f7dfab3c1d38ec62

 - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
   if we absolutely need it.  Pointed out by Corinna, ok djm@
---

diff --git a/ChangeLog b/ChangeLog
index 96755006..68096c1b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20061107
+ - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
+   if we absolutely need it.  Pointed out by Corinna, ok djm@
+
 20061105
  - (djm) OpenBSD CVS Sync
    - otto@cvs.openbsd.org 2006/10/28 18:08:10
diff --git a/sshd.c b/sshd.c
index 06ec03b2..a5fa9e4e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1431,14 +1431,17 @@ main(int ac, char **av)
 
 	debug("sshd version %.100s", SSH_RELEASE);
 
-	/* Store privilege separation user for later use */
-	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
-		fatal("Privilege separation user %s does not exist",
-		    SSH_PRIVSEP_USER);
-	memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
-	privsep_pw = pwcopy(privsep_pw);
-	xfree(privsep_pw->pw_passwd);
-	privsep_pw->pw_passwd = xstrdup("*");
+	/* Store privilege separation user for later use if required. */
+	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+		if (use_privsep || options.kerberos_authentication)
+			fatal("Privilege separation user %s does not exist",
+			    SSH_PRIVSEP_USER);
+	} else {
+		memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+		privsep_pw = pwcopy(privsep_pw);
+		xfree(privsep_pw->pw_passwd);
+		privsep_pw->pw_passwd = xstrdup("*");
+	}
 	endpwent();
 
 	/* load private host keys */