https://bugzilla.mindrot.org/show_bug.cgi?id=2358
Damien Miller <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #3 from Damien Miller <[email protected]> --- (In reply to Darren Tucker from comment #1) > Thinking about this one I think it would be possible to fit into the > Match framework but I'm struggling to think of an example of where > it would actually be useful. Why would you want to do such a thing? > > As for security implications: it might upset privsep (in general it > does not allow changing of usernames once started). It would have > to be explicitly configured by the system administrator. I know of one case where system administrators wanted to implement a "catch-all" user. They did this by hacking getpwnamallow() to lookup a single account for all users. We could do a "ForceUser" option that did something similar I guess. it does mean that authctxt->user wouldn't be the same as authctxt->pw->pw_name and a couple of things depend on this, e.g. s/key -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
