Thanks go to Darren Tucker who posted about "#if 0" on auth-pam.c
I saw his email in the archive, about Solaris 7.
I removed the "#if 0", and finally, password expiration works.
A caveat or two:
If UseLogin=no (the default) and a user fails to use the
correct password for a "change on first login" account, you get the
following message:

    sshd(SYSTEM): Sorry, wrong passwd
    removing root credentials would break the rpc services that
    use secure rpc on this host!
    root may use keylogout -f to do this (at your own risk)!

On the other hand, if UseLogin=yes:

    telnet(SYSTEM): Sorry, wrong passwd
    Connection to srvwfs01 closed.

I'm not exactly sure which is the preferred one to use here :-)
Any recommendations?
BTW: This was with making zero changes to the Solaris 8 /etc/pam.conf