Darren Tucker
2004-Feb-06 06:20 UTC
Tru64 SIA authentication: can it be called after kerberos?
Hi All.
There have recently (well, today :-) been changes to OpenSSH Portable's
auth-passwd.c from OpenBSD to accomodate forced changes of expired
passwords. (Rabid password expirers shoulon't get excited yet, it's
currently bsdauth only, but support for other platforms should start
trickling in shortly).
As part of that, some individual platforms have gained their own
sys_auth_passwd functions. One that hasn't yet is SIA, because it would
mean changing its behaviour to be called *after* Kerberos.
Could someone confirm that this change (the patch attached) will work
with SIA, or explain why it can't be called after Kerberos? (The patch
will apply to snapshot 20040206 or later.)
The next step is to banish the sys_auth_passwd functions to their
respective platform files, which should clean things up somewhat.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-sia-move.patch
Url:
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040206/bd3839d2/attachment.ksh
Chris Adams
2004-Feb-06 15:08 UTC
Tru64 SIA authentication: can it be called after kerberos?
Once upon a time, Darren Tucker <dtucker at zip.com.au> said:> As part of that, some individual platforms have gained their own > sys_auth_passwd functions. One that hasn't yet is SIA, because it would > mean changing its behaviour to be called *after* Kerberos. > > Could someone confirm that this change (the patch attached) will > work with SIA, or explain why it can't be called after Kerberos? (The > patch will apply to snapshot 20040206 or later.)I'll give this a look this weekend (today is going to be way too busy). However, I'm guessing it won't make any difference in my testing, because I don't have a Kerberos setup. -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Apparently Analagous Threads
- PermitRootLogin and Tru64 SIA
- tru64 sia: move call of session_setup_sia() to do_setusercontext(), letting grantpty() and friends handle pty perms
- [Bug 933] compile problem on tru64 5.1A code outside of a #ifdef that should not be included on tru64
- OpenSSH 4.1: call for testing.
- [PATCH] PermitRootLogin woes