You guys who are compiling Apache: Are you trying to get mod_auth_pam working? If so, what have you done to do it? My attempts fail, but I can't find the correct sources for it.
I'd love to hear how you're doing it.

Matthew Nuzum
www.bearfruit.org
[EMAIL PROTECTED]

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:cobalt-security-[EMAIL PROTECTED]] On Behalf Of Michael Stauber
> Sent: Tuesday, June 25, 2002 4:06 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [cobalt-security] Significant OpenSSH Vulnerability ??
>
> Hi Jelmer,
>
> > I compiled OpenSSH-3.3p1 today on a Raq4i. I had to recompile openSSL too,
> > because the cobalt dist had no static libcrypto installed. (see below)
>
> I usually compile a newer openssl-0.9.6d and zlib-1.1.4 in /opt and do not
> "make install" on 'em. Then I compile Openssh and statically link 'em against
> the openssl and zlib which I have in /opt
>
> That makes sure that the older Openssl on the RaQs is not overwritten as that
> might cause problems with other applications which dynamically link against
> them.
>
> > After this and some option-setting Privilege separation seems to work fine.
>
> Correct. That's what I did in my PKGs for the RaQ3, RaQ4, Qube3 and XTR as
> well: compile OpenSSH *with* PrivSep and then disable it specifically in
> sshd_config
>
> Only on the RaQ550 I leave PrivSep enabled as it seems to work fine over there
> (2.4-Kernel sure helps).
>
> Here are my OpenSSH-3.3p1 compile options:
>
> ./configure --prefix=/usr \
>     --sysconfdir=/etc/ssh \
>     --with-ssl-dir=/opt/openssl-0.9.6d \
>     --with-zlib=/opt/zlib-1.1.4 \
>     --libexecdir=/usr/libexec/openssh \
>     --with-ipv4-default \
>     --with-pam=/lib/security \
>     --with-md5-passwords \
>     --with-default-path=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin \
>     --with-privsep-user=nobody \
>     --with-privsep-path=/home/sites
>
> > My next project will be compiling Apache 2.X, together with mod_perl, a new
> > perl (needed too), and php.
>
> I'm not sure if that's a wise idea. So far I still doubt the stability of
> Apache 2.X a little, but by all means I'd be interested in your progress on
> that if you decide to give it a go.
>
> FWIW: Compiling and running Apache-1.3.26 isn't that big of an issue if you
> can afford to do without Chilisoft and Frontpage support. Aside from that
> it's still possible to run the AdmServ.
>
> --
>
> Mit freundlichen Grüßen / With best regards
>
> Michael Stauber
> [EMAIL PROTECTED]
> Unix/Linux Support Engineer
>
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security

_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
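
Added example (not part of the original messages): the quoted reply builds OpenSSH with PrivSep and then disables it in sshd_config, so it helps to confirm which value sshd will actually pick up. This sketch assumes the keyword is UsePrivilegeSeparation and relies on sshd using the first value it reads for a keyword; the function name privsep_setting is hypothetical.

```shell
#!/bin/sh
# Added example: report the effective UsePrivilegeSeparation value in an
# sshd_config file. Keywords are matched case-insensitively, comments are
# ignored, and the first occurrence wins (later duplicates have no effect).

privsep_setting() {
    # $1: path to an sshd_config file
    awk '
        /^[ \t]*#/ { next }                 # comment line
        /^[ \t]*$/ { next }                 # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)        # drop leading indentation
            n = match(line, /[ \t=]/)       # keyword ends at whitespace or "="
            if (n == 0) next                # keyword with no value: not ours
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val) # strip the separator
            sub(/[ \t]+$/, "", val)         # strip trailing whitespace
            if (key == "useprivilegeseparation") {
                print tolower(val)
                found = 1
                exit                        # first value is the effective one
            }
        }
        END { if (!found) print "unset" }   # compiled-in default applies
    ' "$1"
}

# Optional stand-alone use: sh this_script /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then
    privsep_setting "$1"
fi
```

A result of "unset" means the file never sets the keyword, so the binary's built-in default decides; a commented-out line counts as unset.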