On Tuesday 16 September 2003 9:47 pm, Roman Drahtmueller wrote:
Please note that we have disabled the Privilege Separation feature in the ssh daemon (sshd) with this update. The PrivSep feature is designed to have parts of the ssh daemon's work running under lowered privileges, thereby limiting the effect of a possible vulnerability in the code. The PrivSep feature is turned on/off by the UsePrivilegeSeparation keyword in sshd's configuration file /etc/ssh/sshd_config. The feature is held responsible for malfunctions in PAM (Pluggable Authentification Modules). The update mechanism will not overwrite configuration files that have been altered after the package installation.
Why has this been disabled? As part of the CERT advisory it recommends that it is on. http://www.cert.org/advisories/CA-2003-24.html Cheers, Jon -- SuSE Linux 8.2 (i586) Linux 2.4.20-4GB-athlon ruby 1.8.0 (2003-09-10) [i686-linux]