$NetBSD: patch-al,v 1.9 2010/02/18 08:04:35 martti Exp $ --- auth1.c.orig 2008-07-09 19:54:05.000000000 +0900 +++ auth1.c @@ -320,7 +320,7 @@ do_authloop(Authctxt *authctxt) #ifndef HAVE_CYGWIN /* Special handling for root */ - if (authenticated && authctxt->pw->pw_uid == 0 && + if (authenticated && authctxt->pw->pw_uid == ROOTUID && !auth_root_allowed(meth->name)) { authenticated = 0; # ifdef SSH_AUDIT_EVENTS @@ -418,8 +418,8 @@ do_authentication(Authctxt *authctxt) * If we are not running as root, the user must have the same uid as * the server. */ -#ifndef HAVE_CYGWIN - if (!use_privsep && getuid() != 0 && authctxt->pw && +#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX) + if (!use_privsep && getuid() != ROOTUID && authctxt->pw && authctxt->pw->pw_uid != getuid()) packet_disconnect("Cannot change user when server not running as root."); #endif