At 17:29 16.02.00 +0100, Sevo Stille wrote:
>Moshe Levy wrote:
>
>> the problem is that if i use ssh to login, then the user is not geting
>> any audit ID. (if i login via telnet then its working fine)
>> any idea how can it be solved, using ssh ?
>
>"UseLogin yes" in sshd_config might help. Provided that the audit ID is
>handled by login.
>
>Sevo
>
ssh (1/2) use his own login procedure. The functionality is the same
as the system login from Solaris WITHOUT the initialisation of the
audit environment (auditid, audit pmask ...).
If you use ssh1 you can set "UseLogin yes". The ssh1 daemon will use
the system login from Solaris for doing the login procedure.
But ONLY for INTERACTIVE sessions (like telnet) the system login
will be used.
If you use ssh2, the "UseLogin" switch is not available for further use.
No audit is supported.
For full audit support in ssh (1/2) the sources must be patched with
the necessary audit functions ;-).
BTW, you have the same problems with (non system) FTP damons
and XDM's (dtlogin supports audit).
Birk
---------------------
secunet
Security Networks AG Fon/Fax: (03 51) 4 39 59-30/59
Ammonstrasse 72 Mobil: (01 71) 2 20 83 79
01067 Dresden E-Mail: [EMAIL PROTECTED]
URL: www.secunet.de
