search for: failedlogin

Hello Ive downloaded OpenSSH 4.1p1 from the portable openssh web pages... Compiled it up for an AIX 5.1 host (with latest IBM maintenance patches applied) using defaults in all cases. When doing a successful SSH authentication it places an entry into /etc/security/failedlogin as well as /var/adm/wtmp Ive also tried adding "UseLogin yes" to the sshd_config PAM ISNT configured (infact sshd says the UsePAM option in the config file is illegal) None of the other "access methods", for instance telnet add a failedlogin entry unless the user fails a passw...

...though the password has expired either from age or after being reset by a security analyst. 2. Doesn't update AIX's "failed login count", consequently the ID is not locked after 5 invalid login attempts. 3. Doesn't record the failed login in AIX's failedlogin log. 4. Doesn't post logged in users to the wtmp file causing it to appear as if no one is logged in. 5. Corrupts the file that stores the last login date for users making it impossible to lock or remove accounts for inactivity. 6. Doesn't honor the /etc/f...

.... Suggestion: In AIX the loginfailed() subroutine should be called if and only if the user enters a wrong password: From man loginfailed: ..."A login failure audit record is cut to indicate that an unsuccessful login attempt occurred. A utmp entry is appended to /etc/security/failedlogin file, which tracks all failed login attempts." ... So it seems that in auth1.c the loginfailed() subroutine is on the wrong place. It should be immediately after the password-authentication. Bug-Fix: The following fix works for us: ------------------------------------------------...

...Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: berry.perzon at nogui.se Under AIX, all failed logins are recorded in /etc/security/failedlogin. If I try to login with ex telnet, the logfile is uppdated, but when I use openSSH, no information is added to the logfile. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=355 ------- Additional Comments From dtucker at zip.com.au 2002-08-25 18:10 ------- It looks like the call to loginsuccess() fails because it's done as a non-privileged user. This is bad because in addition to generating the message it also clears the failed login counter that leads to account lockout. The following patch fixes it for me

...o. It doesn't matter whether it is AFS, DFS, SecureID, local. 2) loginsuccess - this function will log to /etc/security/lastlog as well as clear the failed logins. 3) loginfailed - this function will increase the number of failed logins and update /etc/security/lastlog and /etc/security/failedlogins. 4) loginrestrictions - this function will determine if a user is allowed to login (ie too many failed logins, account disabled, etc). This function is used in conjunction with authenticate. 5) SOCKS5 and SOCKS4 support. 6) Support for the system random function instead of egd or /dev/ura...