Displaying 17 results from an estimated 17 matches for "has_shadow_expir".
Did you mean:
has_shadow_expire
2007 Sep 19
1
sp_expire is 0 in QNX Neutrino
...base properly. Apart from
misdocumenting /etc/shadow as having 4
fields when in fact it has 5 (including
the "last changed" field), its getspnam()
fills in the sp_expire field of the spwd
structure with 0. And since by default,
shadow support is enabled and the
configure script turns on HAS_SHADOW_EXPIRE
when it finds that field, the built sshd
ends up refusing all connections on the
grounds of an expired account.
I have dealt with this temporarily by
hacking as follows:
========== cut =========
*** auth-shadow.c.was Sun Apr 29 02:10:58 2007
--- auth-shadow.c Wed Sep 19 01:04:18 2007
***...
2003 Jan 07
2
Test for locked account in auth.c (bug #442).
Hi Damien,
I noticed you merged a couple of ifdefs in the fix for bug #442. The
cvs comment says "Fix Bug #442 for PAM case". The code is now roughly:
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
spw = getspnam(pw->pw_name);
passwd = spw->sp_pwdp;
#else
passwd = pw->pw_passwd;
#endif
[test for locked passwd entry]
If the platform is using PAM, /etc/passwd is checked regardless of
whether or not it actually has /etc/shadow.
If the platform has /etc/sha...
2003 Sep 30
1
[Bug 723] Password expire not working properly
http://bugzilla.mindrot.org/show_bug.cgi?id=723
Summary: Password expire not working properly
Product: Portable OpenSSH
Version: -current
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2004 Feb 27
1
[PATCH] Getting AFS tokens from a GSSAPI-delegated TGT
...120,6 +120,7 @@
int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
int auth_krb5_password(Authctxt *authctxt, const char *password);
void krb5_cleanup_proc(Authctxt *authctxt);
+void session_krb5_use_ccache(Authctxt *authctxt);
#endif /* KRB5 */
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
--- orig/session.c
+++ mod/session.c
@@ -1462,20 +1462,22 @@
* home directory is in AFS and it's not world-readable.
*/
- if (options.kerberos_get_afs_token && k_hasafs() &&
- (s->authctxt->krb5_ctx != NULL)) {
- char cell[64];
+ if (options.kerberos_get_...
2002 Nov 20
0
[PATCH #9] Password expiration via /bin/passwd.
...is listed
@@ -75,21 +81,22 @@
const char *hostname = NULL, *ipaddr = NULL;
char *shell;
int i;
-#ifdef WITH_AIXAUTHENTICATE
- char *loginmsg;
-#endif /* WITH_AIXAUTHENTICATE */
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
struct spwd *spw;
+#endif
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw || !pw->pw_name)
return 0;
+ buffer_init(&expire_message);
+#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
+ !defined(DISABLE_SHADOW) && d...
2002 Feb 13
0
[Bug 116] New: Openssh Shadow expiration failure on IRIX 6.5.14
...running IRIX 6.5.14. When I try
expiring a user password in the /etc/shadow file, I cannot login. I continually
get prompted for my password and I never get logged in. I viewed the config.h
file after doing a ./configure in the openssh directory and found the following
flags turned on:
#define HAS_SHADOW_EXPIRE 1
#define HAVE_SHADOW_H 1
Could you please let me know of any extra compiling flags or other fixes for
this problem?
Thank you,
Ryan Bathauer
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2002 Nov 24
1
[Bug 442] sshd allows login via public-key when account locked
http://bugzilla.mindrot.org/show_bug.cgi?id=442
------- Additional Comments From dtucker at zip.com.au 2002-11-24 14:25 -------
Created an attachment (id=181)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=181&action=view)
Test for locked account in allowed_user()
Tested on Redhat 8 and Solaris 8.
------- You are receiving this mail because: -------
You are the assignee for
2003 Aug 26
1
Locked account checks and PAM
...t i;
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
@@ -85,8 +85,7 @@ allowed_user(struct passwd * pw)
return 0;
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
- if (!options.use_pam)
- spw = getspnam(pw->pw_name);
+ spw = getspnam(pw->pw_name);
#ifdef HAS_SHADOW_EXPIRE
#define DAY (24L * 60 * 60) /* 1 day in seconds */
if (!options.use_pam && spw != NULL) {
2000 Jul 02
1
A error in auth.c of openssh-2.1.1p2 port on systems with a mixture of shadowed and non-shadowed passwords and Japanese Translations.
...example, "root") entries and
getpwnam(3) for non-shadowed users' entries.
Otherwise, the function "allowed_user" in auth.c of openssh-2.1.1p2
has the following lines:
59 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \
60 defined(HAS_SHADOW_EXPIRE)
61 struct spwd *spw;
62
63 /* Shouldn't be called if pw is NULL, but better safe than sorry
*/
64 if (!pw)
65 return 0;
66
67 spw = getspnam(pw->pw_name);
68 if (spw == NULL)
69 return 0;
.
So, getspnam will r...
2004 Apr 02
1
PAM_LDAP fails with 3.7.1p2 when Shadow password installed on HP-UX 11.11
...r attached debug file]
I have installed OpenSSH-3.8 without any password expiry patch and that also
works with PAM_LDAP with Shadow passwords.
I am wondering why 3.7.1p2 alone do not work when 3.6, and 3.8 works.
Both 3.7 and 3.8 have the following macros in config.h
#undef DISABLE_SHADOW
#define HAS_SHADOW_EXPIRE 1
#define HAVE_SHADOW_H 1
#define HAVE_SECURITY_PAM_APPL_H 1
#define USE_PAM 1
#define PAM_SUN_CODEBASE 1
#define HAVE_LIBPAM 1
/* #undef PAM_TTY_KLUDGE */
/* #undef HAVE_OLD_PAM */
/* #undef HAVE_PAM_GETENVLIST */
/* #undef HAVE_PAM_PUTENV */
Some more info on the PAM_LDAP library used on the sy...
2003 Jul 09
0
[PATCH] Add expired password handling for AIX.
...* Debugging messages */
Buffer auth_debug;
@@ -86,9 +87,10 @@
if (!pw || !pw->pw_name)
return 0;
+#define DAY (24L * 60 * 60) /* 1 day in seconds */
+#define WEEK (DAY * 7) /* 1 week in seconds */
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \
defined(HAS_SHADOW_EXPIRE)
-#define DAY (24L * 60 * 60) /* 1 day in seconds */
if (!options.use_pam && (spw = getspnam(pw->pw_name)) != NULL) {
today = time(NULL) / DAY;
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
@@ -221,6 +223,65 @@
stat(_PATH_NOLOGIN, &st) == 0))...
2003 Jul 30
1
[PATCH] Password expiry merge (AIX parts)
...* Debugging messages */
Buffer auth_debug;
@@ -86,9 +87,10 @@
if (!pw || !pw->pw_name)
return 0;
+#define DAY (24L * 60 * 60) /* 1 day in seconds */
+#define WEEK (DAY * 7) /* 1 week in seconds */
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \
defined(HAS_SHADOW_EXPIRE)
-#define DAY (24L * 60 * 60) /* 1 day in seconds */
if (!options.use_pam && (spw = getspnam(pw->pw_name)) != NULL) {
today = time(NULL) / DAY;
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
@@ -221,6 +223,65 @@
stat(_PATH_NOLOGIN, &st) == 0))...
2002 Oct 13
1
[PATCH] AIX password expiration
Hi All.
With one eye on the do_pam_chauthtok() stuff I've merged contributions
by Pablo Sor and Mark Pitt into a patch against -current. I'm
interested in testers and suggestions for improvements.
The patch extends the loginrestrictions test to include expired
accounts (but unlike Mark's patch, doesn't log accounts with expired
passwords unless they're locked) and adds
2005 Sep 19
1
ssh hangs or gives Segmentation fault
...GSSAPI */
/* #undef KRB5 */
/* #undef HEIMDAL */
/* #undef USE_AFS */
/* #undef SKEY */
/* #undef LIBWRAP */
#define HAVE_LOGIN 1
#define HAVE_DAEMON 1
#define HAVE_GETPAGESIZE 1
#define XAUTH_PATH "/usr/X11R6/bin/xauth"
/* #undef HAVE_MD5_PASSWORDS */
/* #undef DISABLE_SHADOW */
#define HAS_SHADOW_EXPIRE 1
/* #undef HAVE_OSF_SIA */
/* #undef HAVE_GETPWANAM */
/* #undef HAVE_OLD_PAM */
/* #undef PAM_SUN_CODEBASE */
/* #undef MAIL_DIRECTORY */
#define HAVE_U_INT 1
#define HAVE_INTXX_T 1
#define HAVE_U_INTXX_T 1
#define HAVE_UINTXX_T 1
#define HAVE_INT64_T 1
#define HAVE_U_INT64_T 1
#define HAVE_U_CH...
2003 Sep 24
12
SSHD 3.7.1p2 on HP-UX
I have used SSHD from openssh-3.7.1p1 on HP-UX 11:11. It works
correctly and the entry in the logfile is:
Sep 24 07:01:20 garm sshd[6625]: Accepted password for japs from
192.38.97.131 port 2463
Next I have upgraded to openssh-3.7.1p2 and restarted SSHD. It does not
accept the password any more and the entries in the logfile are:
Sep 24 12:21:38 garm sshd[19542]: User japs not allowed because
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).
We would like to thank the
2006 Aug 30
30
Testing for the 4.4p1 release
Hi,
The 4.4p1 release is approaching now, so we are now asking people to
actively test snapshots or CVS and report back to the mailing list.
Snapshots are available from http://www.mindrot.org/openssh_snap or
from any of the mirrors listed on http://www.openssh.org/portable.html
The latter page also includes instructions for checking out portable
OpenSSH via anonymous CVS.
This release