Date: Sun, 5 Sep 2021 10:42:45 -0400 From: Ed Maste <emaste@freebsd.org> To: Benjamin Kaduk <kaduk@mit.edu> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: OpenSSH 8.7p1 update for the base system Message-ID: <CAPyFy2BRv5QC%2Bs89oTW5xfECM2bSjs0QCWQ19kRW=PXx0LdQbQ@mail.gmail.com> In-Reply-To: <20210905040341.GG96301@kduck.mit.edu> References: <CAPyFy2A390kS_C3g=Y9QhQcJ06z_FKUxXsNvi9g2CdWF24pukg@mail.gmail.com> <20210905040341.GG96301@kduck.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 5 Sept 2021 at 00:04, Benjamin Kaduk <kaduk@mit.edu> wrote: > > Hi Ed, > > I'm not sure whether this would be something for the release notes or not, > but I believe that making privilege separation mandatory causes GSSAPI > credential delegation to essentially not work. I think privilege separation became mandatory in 7.5p1, imported in d93a896ef959 in 2017. Thus I believe this hasn't been functional for quite some time; am I mistaken? It should still be documented, even if it's well after the fact. I think it's also worth trying to fix, although I'm not sure if I will have time to work on it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2BRv5QC%2Bs89oTW5xfECM2bSjs0QCWQ19kRW=PXx0LdQbQ>