dknodel at csc.com.au
2002-Sep-26 02:00 UTC
Portable openssh integration with PAM on HP-UX 11.X Trusted System
Hi. I was wondering a couple things relating to PAM authentication: 1. I found that expired passwords caused authentication failure, rather than the expected behaviour of forcing a paswword change. After perusing the auth-pam.c file (as it appears in openssh-3.4p1), I found that the reason is that the case for the relevant return value (PAM_AUTHTOKEN_REQD) from pam_acct_mgmt is wrapped with "#if 0 ... #endif"; does this mean that handling for it is essentially there, and will be enabled soon when it's all in & tested, or have I missed a configuration step that I should've performed to enable it? 2. If a user's password is about to expire (interval configured with u_pw_expire_warning from prpwd(4) in Trusted systems), they receive a little message to that effect (apparently spat out by login(1)). Is there a PAM-related function that can do this (that can be invoked by sshd), or is it a HP-UX trusted-system related step that would have to be handled directly (eg. via the getprpwnam function, and doing a little calculation)? Any information you've got will be greatly appreciated... Cheers, David Knodel __________________________________________________ CSC Ph: 08 9429 6424 Email: dknodel at csc.com.au ----------------------------------------------------------------------------------------
Reasonably Related Threads
- Option to limiting sshd "banner" to interactive/password-auth/tty (or something along those lines) sessions
- Variable declarations in xcrypt.c
- Good procedure?
- [Bug 184] New: 3.1p1 openssh fails to build a working sshd on Trusted HP-UX 10.26
- Samba, ldap, password complexity, cracklib - questions