bugzilla-daemon at mindrot.org
2005-Dec-19 15:34 UTC
[Bug 1136] User not logged off after forced password change in AIX 5.3
http://bugzilla.mindrot.org/show_bug.cgi?id=1136 Summary: User not logged off after forced password change in AIX 5.3 Product: Portable OpenSSH Version: 4.1p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: sbassle at alleghenyenergy.com When logging into an account where a password change is required, the user is prompted for the password change but is not logged off afterward. The password is changed correctly. The following message apprears in the syslog after the new password is entered for the second time, and then again a few seconds later: auth|security:err|error sshd[23438]: error: getsockname failed: A file descriptor does not refer to an open file. This happens any time root changes the user's password (i.e. the ADMCHG flag is set). I do not know if it happens when the password expires. Environment: AIX 5.3.03 OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005 OpenSSH was downloaded from IBM's Sourceforge "OpenSSH on AIX" project (http://sourceforge.net/projects/openssh-aix) I do not know what compile options were used. sshd_config options and sshd debug output will be attached. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Dec-19 15:41 UTC
[Bug 1136] User not logged off after forced password change in AIX 5.3
http://bugzilla.mindrot.org/show_bug.cgi?id=1136 ------- Comment #1 from sbassle at alleghenyenergy.com 2005-12-20 02:41 ------- Created an attachment (id=1045) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1045&action=view) sshd debug output sshd -ddd output for both normal and forced password change sessions ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Dec-19 15:45 UTC
[Bug 1136] User not logged off after forced password change in AIX 5.3
http://bugzilla.mindrot.org/show_bug.cgi?id=1136 ------- Comment #2 from sbassle at alleghenyenergy.com 2005-12-20 02:45 ------- Created an attachment (id=1046) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1046&action=view) sshd_config ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Dec-19 15:46 UTC
[Bug 1136] User not logged off after forced password change in AIX 5.3
http://bugzilla.mindrot.org/show_bug.cgi?id=1136 ------- Comment #3 from sbassle at alleghenyenergy.com 2005-12-20 02:46 ------- Created an attachment (id=1047) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1047&action=view) ssh_config ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Dec-19 23:42 UTC
[Bug 1136] User not logged off after forced password change in AIX 5.3
http://bugzilla.mindrot.org/show_bug.cgi?id=1136 ------- Comment #4 from dtucker at zip.com.au 2005-12-20 10:42 ------- IBM's packages have modifications in them and I don't know exactly what those are. Does the problem occur with 4.2p1 built from the source from http://openssh.com? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Dec-20 12:01 UTC
[Bug 1136] User not logged off after forced password change in AIX 5.3
http://bugzilla.mindrot.org/show_bug.cgi?id=1136 ------- Comment #5 from sbassle at alleghenyenergy.com 2005-12-20 23:00 ------- (In reply to comment #4)> IBM's packages have modifications in them and I don't know exactly what those > are. > Does the problem occur with 4.2p1 built from the source from > http://openssh.com?I don't know. I had been rolling my own for years, but decided to use IBM's package because I tried two or three times, but was not able to compile 4.1 myself. When I get some time, I'll try again with 4.2. Is IBM's source not available? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Dec-20 12:26 UTC
[Bug 1136] User not logged off after forced password change in AIX 5.3
http://bugzilla.mindrot.org/show_bug.cgi?id=1136 ------- Comment #6 from dtucker at zip.com.au 2005-12-20 23:25 ------- (In reply to comment #5)> I don't know. I had been rolling my own for years, but decided to use IBM's > package because I tried two or three times, but was not able to compile 4.1 > myself. When I get some time, I'll try again with 4.2."The source won't compile" is something we can help with, but "some else's binaries don't work" isn't. I test regularly on AIX with gcc so that usually works, however I no longer have access to any of the IBM native compilers (xlc, vac). I don't have access to a 5.3 box though, so it could be something peculiar to that version. Alternatively, I provide precompiled packages of the vanilla source (the most recent one also being 4.1, I never got around to packaging 4.2) at http://www.zip.com.au/~dtucker/openssh/ . If you trust me (but you shouldn't :-) you could use these on a test box to quickly determine whether or not the problem exists in an unmodified sshd.> Is IBM's source not available?There's source (or diffs, I forget which) for some older versions of the package but not the current ones. I'm reasonably sure that there are some additional changes between the the versions for which source is available. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Maybe Matching Threads
- [Bug 1136] User not logged off after forced password change in AIX 5.3
- [RESOLVED, in 'findssl.sh'] Re: openssh-4.1p1 on OSX 10.4.1 w/ openssl-0.9.8 NOT FINDING -lcrypto
- Conflict between LDAP and Privilege Separation?
- [Bug 1136] New: nft dump and -f are not perfect inverses
- [Bug 1468] New: sshd does not log failed attempts using key-based authentication only