dknodel at csc.com.au
2002-Sep-26 02:00 UTC
Portable openssh integration with PAM on HP-UX 11.X Trusted System
Hi.
I was wondering a couple things relating to PAM authentication:
1. I found that expired passwords caused authentication failure, rather
than the expected behaviour of forcing a paswword change. After perusing
the auth-pam.c file (as it appears in openssh-3.4p1), I found that the
reason is that the case for the relevant return value (PAM_AUTHTOKEN_REQD)
from pam_acct_mgmt is wrapped with "#if 0 ... #endif"; does this
mean
that handling for it is essentially there, and will be enabled soon when
it's all in & tested, or have I missed a configuration step that I
should've performed to enable it?
2. If a user's password is about to expire (interval configured with
u_pw_expire_warning from prpwd(4) in Trusted systems), they receive a
little message to that effect (apparently spat out by login(1)). Is there
a PAM-related function that can do this (that can be invoked by sshd), or
is it a HP-UX trusted-system related step that would have to be handled
directly (eg. via the getprpwnam function, and doing a little calculation)?
Any information you've got will be greatly appreciated...
Cheers,
David Knodel
__________________________________________________
CSC
Ph: 08 9429 6424 Email: dknodel at csc.com.au
----------------------------------------------------------------------------------------
Reasonably Related Threads
- Option to limiting sshd "banner" to interactive/password-auth/tty (or something along those lines) sessions
- Variable declarations in xcrypt.c
- Good procedure?
- [Bug 184] New: 3.1p1 openssh fails to build a working sshd on Trusted HP-UX 10.26
- Samba, ldap, password complexity, cracklib - questions
Wisdom of the Ancients
