Date: Tue, 3 Sep 2013 17:43:59 +0400 From: Lev Serebryakov <lev@FreeBSD.org> To: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> Cc: freebsd-security@FreeBSD.org, Slawa Olhovchenkov <slw@zxy.spb.ru> Subject: Re: OpenSSH, PAM and kerberos Message-ID: <1734535072.20130903174359@serebryakov.spb.ru> In-Reply-To: <8661uiujin.fsf@nine.des.no> References: <86sixrwdcv.fsf@nine.des.no> <20130830131455.GW3796@zxy.spb.ru> <8661uj9lc6.fsf@nine.des.no> <20130902181754.GD3796@zxy.spb.ru> <867geywdfc.fsf@nine.des.no> <20130903083301.GF3796@zxy.spb.ru> <86y57euu8y.fsf@nine.des.no> <20130903093756.GG3796@zxy.spb.ru> <86ppsqutw7.fsf@nine.des.no> <998724759.20130903142637@serebryakov.spb.ru> <20130903103922.GI3796@zxy.spb.ru> <6110257289.20130903145034@serebryakov.spb.ru> <86d2oquopo.fsf@nine.des.no> <226539732.20130903154908@serebryakov.spb.ru> <8661uiujin.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Dag-Erling. You wrote 3 =D1=81=D0=B5=D0=BD=D1=82=D1=8F=D0=B1=D1=80=D1=8F 2013 =D0=B3., = 17:22:56: DES> sshd is just one of many applications in the system. Ooops. I think, have ONE daemon to provide ALL authentication is bad idea. It crashes. After that you could not login via console, sshd, telnet, whatever! Only one way -- reboot server via power button... Not good. >> One more daemon -- one more point of failure... DES> Or you can look at it the other way around: less copy-pasting between DES> applications and far fewer chances to screw it up. login(1) works. It means, that console and telnet works. ftpd(8) doesn't need such excessive session support (single login via ftp? Are you kidding?). So, only sshd(8) is broken. And change (dramatically) well-known programs (like login(1)) and introduce new subsystem to fix bug (it is really a bug) in sshd? I don't think it is sane way to do things. --=20 // Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1734535072.20130903174359>