System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

SSHD_COFIG file attribute "UsePrivilegeSeparation" and interaction with PAM

 
SOLVED
Go to solution
john guardian
Super Advisor

SSHD_COFIG file attribute "UsePrivilegeSeparation" and interaction with PAM

Until recently, the customer has used SSHD with the "UsePrivilegeSeparation" attribute set to the default value (which also happens to be yes).

 

Recently, one of our SAs was asked to set up PAM on several systems as well. She claims that sshd and "UsePrivilegeSeparation" will not work (or at least causes problems) when used in conjunction with PAM.

 

Has anyone experienced any issues using both?

 

Thanks.

2 REPLIES
Matti_Kurkela
Honored Contributor
Solution

Re: SSHD_COFIG file attribute "UsePrivilegeSeparation" and interaction with PAM

I think early versions of the sshd privilege separation code had some problems, but I would expect that they have been fixed since then.

 

"Set up PAM"??? As far as I know, all the currently-supported versions of HP-UX have PAM as a mandatory component of the operating system, so you can't really have a system without a functioning PAM these days.

MK
john guardian
Super Advisor

Re: SSHD_CONFIG file attribute "UsePrivilegeSeparation" and interaction with PAM

This was a non-trusted sandbox for scripting. It's being re-purposed. As it's also currently only an 11.23 OS, I expect that it will be updated at some point to 11.31 running SMSE, which I do know will use PAM (/etc/default/security file with the UsePAM attribute set to YES).

 

Thanks.