search for: sp_inact

Hi. I have found a error of openssh-2.1.1p2 port on systems with a mixture of shadowed and non-shadowed passwords. I reported a same type of error to Mr. Miller when openssh-1.2.1pre23 was released. On our systems, our local machines have shadowed /etc/passwd (and /etc/shadow) and our NIS server distributes non-shadowed password of general users. We have to use

...o PAM is installed/used. It uses MD5 passwords and shadow with account expiration feature. In handling of the latter, a probable bug was found. In auth.c, allowed_user(), there is a code at the line 73, saying ... /* Check password expiry */ if ((spw->sp_lstchg > 0) && (spw->sp_inact > 0) && (days > (spw->sp_lstchg + spw->sp_inact))) return 0; } ... In my opinion, this is wrong. sp_inact tells how long the account may remain inactive until it is locked, measured from the last login time. It is set to 30 days for all users on my system. To add the dat...

i'm working on this. this is what i have now. sp_inact is not handled consistently across shadow platforms, so i'm going to not address that right now. the following is the predecessor to bug14. what is the timeframe for 3.2.1p1? markus suggested a few more weeks. Index: auth.c ===================================================================...

-----BEGIN PGP SIGNED MESSAGE----- Hi, I''ve got several replies, thank you for them. Let me summarize: o Many people say there is a PAMified version of ssh available at ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source) ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries) (there are analogous paths for the other architectures). The packages are made by Jan

I encountered a couple of strange events with respect to password authentication this morning. Two of our staff were unable to login onto several systems using their usual passwords. Both users had last logged in on these hosts using their accounts and passwords on Friday past. The two accounts could not log on to any of the servers for which they had access and the message log on each showed

...ure from Steve Kann * <stevek@SteveK.COM>. * + * Revision 1.42a 1997/06/06 18:40:00 jonchen + * Added support for PAM + * * Revision 1.42 1997/04/23 00:05:35 kivinen * Added ifdefs around password expiration and inactivity checks, * because some systems dont have sp_expire and sp_inact fields. @@ -525,6 +528,14 @@ char *ticket = "none\0"; #endif /* KERBEROS */ +#ifdef HAVE_PAM +#include <security/pam_appl.h> +struct pam_handle_t *pamh=NULL; +char *pampasswd=NULL; +int retval; +int origretval; +#endif /* HAVE_PAM */ + /* Server configuration options. */ Serve...

maybe this is a silly question ;-) But why is it possible to login on a machine with a locked account (passwd -l ) via pubkey-authentication (authorized_keys) ? I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not happen. If this is the normal behaviour and built in intentionally what would be the easiest way to lock an account without deleting the users authorized_keys ?

....h> specified in #include directive. (noinclfile) #include <shadow.h> -^ configure: failed program was: #line 7970 "configure" #include "confdefs.h" #include <sys/types.h> #include <shadow.h> struct spwd sp; int main() { sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ; return 0; } configure:8080: cc -o conftest -g -I/usr/local/ssl/include -L/usr/local/ssl/lib conftest.c -lz -lsecurity -ldb -lm -laud -lutil -lcrypto 1>&5 configure:8137: checking if we need to convert IPv4 in IPv6-mapped addresses configure:8189: checking whether to install ssh a...

...hecking if the systems has expire shadow information" >&5 cat > conftest.$ac_ext <<EOF -#line 5721 "configure" +#line 5741 "configure" #include "confdefs.h" #include <sys/types.h> @@ -5728,7 +5748,7 @@ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ; return 0; } EOF -if { (eval echo configure:5732: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:5752: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* sp_expire_available=yes...

...hecking if the systems has expire shadow information" >&5 cat > conftest.$ac_ext <<EOF -#line 5938 "configure" +#line 5958 "configure" #include "confdefs.h" #include <sys/types.h> @@ -5945,7 +5965,7 @@ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ; return 0; } EOF -if { (eval echo configure:5949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:5969: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* sp_expire_available=yes...