On AIX 4.3.3 and AIX 5.1, the last successful and unsuccessful logins are no longer printer prior to the motd with either the stock openssh-3.7.1p2 or Darren's openssh-3.7.1p2-pwexp24.patch. In both cases it appears that the loginsuccess() call (auth-passwd.c stock or auth.c Darren's patch) is returning -1 and msg is not appended to loginmsg. /etc/security/lastlog is updated despite the negative return code from loginsuccess(). I am not using privilege separation. The last successful and unsuccessful logins are printed using openssh-3.6.1p2. James O'Connor IBM Global Services jpoc at us.ibm.com
James O'Connor wrote:> > On AIX 4.3.3 and AIX 5.1, the last successful and unsuccessful logins are > no longer printer prior to the motd with either the stock openssh-3.7.1p2 > or Darren's openssh-3.7.1p2-pwexp24.patch. In both cases it appears that > the loginsuccess() call (auth-passwd.c stock or auth.c Darren's patch) is > returning -1 and msg is not appended to loginmsg. /etc/security/lastlog > is updated despite the negative return code from loginsuccess(). I am not > using privilege separation. The last successful and unsuccessful logins > are printed using openssh-3.6.1p2.What password registry does the account use? If you put "return;" at the top of aix_setauthdb() in openbsd-compat/port-aix.c does that make the difference? (after recompiling, obviously.) -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Darren Tucker wrote:> What password registry does the account use? If you put "return;" atthe> top of aix_setauthdb() in openbsd-compat/port-aix.c does that make the > difference? (after recompiling, obviously.)Running sshd at debug level 3 shows: debug3: aix_setauthdb: AIX/setauthdb set registry to AFS After inserting "return;" at the top of aix_setauthdb() in openbsd-compat/port-aix.c, loginsuccess() returns successfully and the last successful and unsuccessful logins are printed prior to the motd. If I short circuit the aix_setauthdb() routine, will that cause any problems? Thanks for the help and the excellent password expiry patch! James O'Connor