===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/servconf.c,v
retrieving revision 1.89.2.3
retrieving revision 1.89.2.4
diff -u -r1.89.2.3 -r1.89.2.4
--- src/usr.bin/ssh/servconf.c 2002/03/08 15:17:18 1.89.2.3
+++ src/usr.bin/ssh/servconf.c 2002/05/17 00:03:24 1.89.2.4
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.89.2.3 2002/03/08 15:17:18 brad Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.89.2.4 2002/05/17 00:03:24 miod Exp $");
 #if defined(KRB4) || defined(KRB5)
 #include
@@ -36,6 +36,8 @@
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 extern int IPv4or6;
+/* Use of privilege separation or not */
+extern int use_privsep;
 /* Initializes the server options to their default values. */
@@ -105,6 +107,9 @@
 options->client_alive_count_max = -1;
 options->authorized_keys_file = NULL;
 options->authorized_keys_file2 = NULL;
+
+ /* Needs to be accessable in many places */
+ use_privsep = -1;
 }
 void
@@ -176,7 +181,7 @@
 options->pubkey_authentication = 1;
 #if defined(KRB4) || defined(KRB5)
 if (options->kerberos_authentication == -1)
- options->kerberos_authentication = (access(KEYFILE, R_OK) == 0);
+ options->kerberos_authentication = 0;
 if (options->kerberos_or_local_passwd == -1)
 options->kerberos_or_local_passwd = 1;
 if (options->kerberos_ticket_cleanup == -1)
@@ -188,7 +193,7 @@
 #endif
 #ifdef AFS
 if (options->afs_token_passing == -1)
- options->afs_token_passing = k_hasafs();
+ options->afs_token_passing = 0;
 #endif
 if (options->password_authentication == -1)
 options->password_authentication = 1;
@@ -225,6 +230,10 @@
 }
 if (options->authorized_keys_file == NULL)
 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
+
+ /* Turn privilege separation _off_ by default */
+ if (use_privsep == -1)
+ use_privsep = 0;
 }
 /* Keyword tokens. */
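Review bot: The `use_privsep = -1;` added in the `@@ -105,6 +107,9 @@` hunk makes the options initialiser reset a process-wide variable as a side effect, so the setting lives outside the structure the function is handed and a later call to the initialiser would presumably discard a value that had already been parsed. A field in the options structure alongside `authorized_keys_file2` would keep it with the other settings; if the global has to stay, the comment should give the reason and the sentinel, e.g. `/* kept global (not in *options) because it is read outside servconf.c; -1 = not set */`. The same variable is also written in the `@@ -225,6 +230,10 @@` hunk and in the `sUsePrivilegeSeparation` parse case. "accessable" in the added comment should read "accessible". The function starts outside the hunk.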
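Review bot: Replacing `(access(KEYFILE, R_OK) == 0)` with `0` in the `@@ -176,7 +181,7 @@` hunk changes a default that existing installations may rely on: a host that has a readable key file but no explicit setting would stop offering Kerberos authentication after the upgrade, and nothing in the hunk records that this is intended. Explicit opt-in is the safer default for an authentication method, so the change itself looks right, but it deserves a comment above the assignment such as `/* off unless explicitly enabled; no longer probed from KEYFILE */` and a matching note in the configuration documentation. The same applies to `options->afs_token_passing = 0;` in the `@@ -188,7 +193,7 @@` hunk, which drops the `k_hasafs()` probe. The enclosing function begins and ends outside both hunks.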
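Review bot: The fallback `use_privsep = 0;` in the `@@ -225,6 +230,10 @@` hunk makes the less protective mode the default, so a server whose configuration never mentions the new keyword keeps running without privilege separation. If that is a deliberate compatibility choice for this branch, the comment should say so and name the opt-in, e.g. `/* privsep is opt-in for now: enable with "UsePrivilegeSeparation yes" */`, instead of only restating the assignment. Otherwise consider `use_privsep = 1;` so that the protection has to be switched off explicitly. The function's beginning is outside the hunk.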
@@ -254,6 +263,7 @@ sBanner, sVerifyReverseMapping, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, + sUsePrivilegeSeparation, sDeprecated } ServerOpCodes; @@ -326,6 +336,7 @@ { "clientalivecountmax", sClientAliveCountMax }, { "authorizedkeysfile", sAuthorizedKeysFile }, { "authorizedkeysfile2", sAuthorizedKeysFile2 }, + { "useprivilegeseparation", sUsePrivilegeSeparation}, { NULL, sBadOption } }; @@ -694,6 +705,10 @@ case sAllowTcpForwarding: intptr = &options->allow_tcp_forwarding; + goto parse_flag; + + case sUsePrivilegeSeparation: + intptr = &use_privsep; goto parse_flag; case sAllowUsers:
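Review bot: The new keyword-table entry in the `@@ -326,6 +336,7 @@` hunk, `{ "useprivilegeseparation", sUsePrivilegeSeparation},`, drops the space before the closing brace that the neighbouring entries have. Write it as `{ "useprivilegeseparation", sUsePrivilegeSeparation },` so the table stays uniform. The table's opening lines are outside the hunk.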