From owner-freebsd-stable  Thu Jul  4  7:16:44 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4A73E37B400
	for <freebsd-stable@freebsd.org>; Thu,  4 Jul 2002 07:16:41 -0700 (PDT)
Received: from mail.dt.e-technik.uni-dortmund.de (krusty.dt.E-Technik.Uni-Dortmund.DE [129.217.163.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CC05343E4A
	for <freebsd-stable@freebsd.org>; Thu,  4 Jul 2002 07:16:40 -0700 (PDT)
	(envelope-from matthias.andree@gmx.de)
Received: from m2a2.myip.org (localhost [127.0.0.1])
	by mail.dt.e-technik.uni-dortmund.de (Postfix) with ESMTP id 293FCA3831
	for <freebsd-stable@freebsd.org>; Thu,  4 Jul 2002 16:16:39 +0200 (CEST)
Received: by merlin.emma.line.org (Postfix, from userid 500)
	id DCB4941653; Thu,  4 Jul 2002 16:16:34 +0200 (CEST)
To: freebsd-stable@freebsd.org
Subject: Re: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1
References: <xzpd6u42utq.fsf@flood.ping.uio.no>
In-Reply-To: <xzpd6u42utq.fsf@flood.ping.uio.no> (Dag-Erling Smorgrav's
 message of "04 Jul 2002 02:36:01 +0200")
From: Matthias Andree <matthias.andree@gmx.de>
Date: Thu, 04 Jul 2002 16:16:34 +0200
Message-ID: <m3r8ij60jh.fsf@merlin.emma.line.org>
Lines: 16
User-Agent: Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.1 (i686-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Dag-Erling Smorgrav <des@ofug.org> writes:

> I finished the upgrade a little over an hour ago, and my post-commit
> buildworld just completed.  It should now be safe to upgrade.
>
> Privilege separation is turned off by default, because it breaks
> Kerberos ticket passing.  If you don't use ticket passing, or don't
> know what Kerberos is, it should be safe to turn privilege separation
> on in /etc/ssh/sshd_config (after make world and mergemaster, of
> course.)

Might it be useful to add a parameter to make.conf to choose whether you
want to pass Kerberos tickets or Privilege Separation?

-- 
Matthias Andree

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message