I've compiled 3.7.1p2 on AIX 5.1 w/pam compiled in, but not enable in the sshd_config. Also applied Darrens 3.7.1p2 patch25. I am having issues w/password aging when maxage is set to anything >0. i dont believe this function was ever working (at least not in 3.5p1). Can anyone verify this? Thanks, Ryan __________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree
Ryan Robertson wrote:> > I've compiled 3.7.1p2 on AIX 5.1 w/pam compiled in, > but not enable in the sshd_config. Also applied > Darrens 3.7.1p2 patch25. I am having issues w/password > aging when maxage is set to anything >0. i dont > believe this function was ever working (at least not > in 3.5p1). > Can anyone verify this?Does it work if compiled without PAM? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Wed, 12 Nov 2003, Ryan Robertson wrote:> I've compiled 3.7.1p2 on AIX 5.1 w/pam compiled in, > but not enable in the sshd_config. Also applied > Darrens 3.7.1p2 patch25. I am having issues w/password > aging when maxage is set to anything >0. i dont > believe this function was ever working (at least not > in 3.5p1). > Can anyone verify this? >Please describe your problem in details. What exactly issues are you experiencing? The thing is that I have problems with password aging in stock openssh 3.7.1p2 with pam support both compiled in and enabled. When yser whose password has expired tries to log in the connection is being closed immediately after he enters his password. System logs contain messages as follows. Nov 5 18:48:51 pokemon sshd(pam_unix)[25216]: password - (old) token not obtained Nov 5 18:48:51 pokemon sshd[25216]: fatal: PAM: pam_chauthtok(): Authentication token manipulation error -- Sincerely Your, Dan.
Actually, I stand corrected: I was accidentally running the older version of sshd instead of the one i was compiling. I did verify that both patch 24&25 do respect password aging. To clarify I was trying to login as a user that i knew had a password which was more than one week old. In theory AIX is supposed to lock you out if maxage=1, but it (sshd 3.5) didnt. Now if you have maxage=2, one week prior to your password expiring, it will remind you. Thanks again, Ryan __________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree
Maybe Matching Threads
- Xapian 1.4.0 released
- PAM_LDAP fails with 3.7.1p2 when Shadow password installed on HP-UX 11.11
- [Bug 869] Password expiration does not work for LDAP users
- occassional problem wtih upslog and apc ups units via snmp ... [NA] status
- Security - ssh allows unintended access on AIX