Displaying 20 results from an estimated 37 matches for "sp_lstchg".
2000 Sep 20
1
password aging and account lock checks
...when account is locked */
If I lock at account with passwd -l sp_expire is still -1. I tried
this on Solaris as well and it seems sp_expire is only for account
expiration.
The solution on HP-UX 10.20 and 11.0 is to use the getprpw(3)
interface.
And:
/* Check password expiry */
if ((spw->sp_lstchg > 0) && (spw->sp_max > 0) &&
(days > (spw->sp_lstchg + spw->sp_max)))
return 0;
If I expire a password with passwd -f:
-f Force user to change password upon next login by
expiring the current password.
sp_lastchg i...
2002 Apr 26
1
expire checks
...-0000
@@ -80,18 +80,35 @@
if (!pw || !pw->pw_name)
return 0;
+#define DAY (24L * 60 * 60) /* 1 day in seconds */
spw = getspnam(pw->pw_name);
if (spw != NULL) {
- int days = time(NULL) / 86400;
+ time_t today = time(NULL) / DAY;
+ debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
+ " sp_max %d", (int)today, (int)spw->sp_expire,
+ (int)spw->sp_lstchg, (int)spw->sp_max);
- /* Check account expiry */
- if ((spw->sp_expire >= 0) && (days > spw->sp_expire))
+ /*
+ * We assume account and password expiration occurs t...
2000 Sep 02
1
A bug in openssh-2.2.0-p1
...Linux-2.4.0-test7 with glibc-2.1.3. No PAM
is installed/used. It uses MD5 passwords and shadow with account expiration feature.
In handling of the latter, a probable bug was found. In auth.c, allowed_user(), there is a
code at the line 73, saying
...
/* Check password expiry */
if ((spw->sp_lstchg > 0) && (spw->sp_inact > 0) &&
(days > (spw->sp_lstchg + spw->sp_inact)))
return 0;
}
...
In my opinion, this is wrong. sp_inact tells how long the account may remain inactive until it is
locked, measured from the last login time. It is set to 30 days for a...
2000 Jul 02
1
A error in auth.c of openssh-2.1.1p2 port on systems with a mixture of shadowed and non-shadowed passwords and Japanese Translations.
Hi.
I have found a error of
openssh-2.1.1p2 port on systems
with a mixture of shadowed and non-shadowed passwords.
I reported a same type of error to Mr. Miller
when openssh-1.2.1pre23 was released.
On our systems,
our local machines have shadowed /etc/passwd (and /etc/shadow)
and our NIS server distributes non-shadowed password
of general users.
We have to use
2003 Jan 07
2
Test for locked account in auth.c (bug #442).
Hi Damien,
I noticed you merged a couple of ifdefs in the fix for bug #442. The
cvs comment says "Fix Bug #442 for PAM case". The code is now roughly:
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
spw = getspnam(pw->pw_name);
passwd = spw->sp_pwdp;
#else
passwd =
2001 Jun 18
2
Patch for changing expired passwords
...;
+
/* import */
extern ServerOptions options;
***************
*** 81,93 ****
int days = time(NULL) / 86400;
/* Check account expiry */
! if ((spw->sp_expire >= 0) && (days > spw->sp_expire))
return 0;
/* Check password expiry */
if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
! (days > (spw->sp_lstchg + spw->sp_max)))
! return 0;
}
#else
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
--- 84,106 ----
int days = time(NULL) / 86400;
/* Check account expi...
2000 Dec 14
1
password expiration
...sh? Is
doing so even desired, since it's fairly trivial to implement outside of
openssh?
On a related note, there was a change some time ago which made
allowed_user reject users whose password has been set to "force change"
with passwd -f (or equivalent). (Specifically, the check for sp_lstchg
was set to >= 0 rather than > 0). The result is that there's no way to
force a user to change his password on next login, because doing so
makes him unable to log in. Is there any reason not to reverse this?
Digging throught the list archives, it looks like the change was
suggested by ste...
2002 Nov 20
0
[PATCH #9] Password expiration via /bin/passwd.
...d(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
#define DAY (24L * 60 * 60) /* 1 day in seconds */
spw = getspnam(pw->pw_name);
if (spw != NULL) {
- time_t today = time(NULL) / DAY;
+ time_t expiredate, today = time(NULL) / DAY;
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
" sp_max %d", (int)today, (int)spw->sp_expire,
(int)spw->sp_lstchg, (int)spw->sp_max);
@@ -106,20 +113,28 @@
if (spw->sp_lstchg == 0) {
log("User %.100s password has expired (root forced)",
pw->pw_name);
- return 0;
+ pass...
2003 Sep 24
12
SSHD 3.7.1p2 on HP-UX
I have used SSHD from openssh-3.7.1p1 on HP-UX 11:11. It works
correctly and the entry in the logfile is:
Sep 24 07:01:20 garm sshd[6625]: Accepted password for japs from
192.38.97.131 port 2463
Next I have upgraded to openssh-3.7.1p2 and restarted SSHD. It does not
accept the password any more and the entries in the logfile are:
Sep 24 12:21:38 garm sshd[19542]: User japs not allowed because
2009 Aug 27
13
User's and managing expired passwords
...puppet
manifest which would propogate to all our servers, thus updating all
our passwords.
The problem is, the User type (w/ manage_passwords enabled and ruby-
shadow installed) will only set the password in /etc/shadow, but it
doesn''t manage any of the other shadow parameters, namely the
sp_lstchg parameter). As a result, after our 90-day period, all of
our passwords have updated, but the individual machines still think
that the passwords have expired, and refuses to let us log in.
This seems a bug in the User type, in that if the password changes
from the previous password, it should also...
2001 Oct 12
17
Please test snapshots for 3.0 release
Could everyone please test the latest snapshots as we will be making a
new release soon.
If you have any patches you would like us to consider, please resend
them to the list ASAP.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
2002 Apr 24
0
[Bug 226] open ssh appears to stop password change prompts from Solaris
...at pobox.com 2002-04-25 05:03 -------
changing an expired password is not supported on non-PAM
configurations. but i am continuing to look into this
and hope to have a fix in the next release.
getspent(3) expire fields are not well documented and there
is at least one issue with how we interpret sp_lstchg now.
*** This bug has been marked as a duplicate of 14 ***
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2003 Oct 02
1
Permission denied (publickey,password,keyboard-interactive)
Hello,
I have recently downloaded and compiled openssh-3.7.1p2 on both HP-UX
10.20 and HP-UX 11.00. The compile went fine. Logging in on the system
used for the build works fine. However, logging in on a different
system (where the newly compiled openssh is installed) results in the
following error:
Permission denied (publickey,password,keyboard-interactive).
I have tried several things I
2003 Oct 03
1
OpenSSH 3.7.1p2 with OpenSSL 0.9.7c installation on HP-UX 11.0 enquiry?
Dear All,
I can install OpenSSH 3.7.1p2 with OpenSSL 0.9.7c on HP-UX 11.0 without
problem.
However, I find that all valid accounts are treated as "locked" (even
specify "AllowUsers USER1" in sshd_config) and can't make SSH connection to
the server.
Here is the message shown in syslog.log.
Oct 3 16:49:17 SERVER_NAME sshd[12994]: User USER1 not allowed because
account is
2002 Jun 30
2
Password auth problem with openssh 3.4 and Linux 2.2.20
...mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user randy service ssh-connection method none
debug1: attempt 0 failures 0
debug3: allowed_user: today 11868 sp_expire -1 sp_lstchg 11868 sp_max 99999
debug3: Trying to reverse map address 10.10.10.2.
debug2: input_userauth_request: setting up authctxt for randy
debug2: input_userauth_request: try method none
Failed none for randy from 10.10.10.2 port 4351 ssh2
debug1: userauth-request for user randy service ssh-connection meth...
2014 May 16
2
? about portable version of sshd crashing
..._server_config: config reprocess config len 852
debug3: auth_shadow_acctexpired: today 2 sp_expire -1 days left -3
debug3: account expiration disabled
debug2: input_userauth_request: setting up authctxt for admin
debug2: input_userauth_request: try method none
debug3: auth_shadow_pwexpired: today 2 sp_lstchg -1 sp_max 99999
Failed none for admin from 192.168.0.65 port 59719 ssh2
debug3: userauth_finish: failure partial=0 next methods="publickey,password"
debug1: userauth-request for user admin service ssh-connection method
password
debug1: attempt 1 failures 0
debug2: input_userauth_request:...
2002 Jun 20
0
[Bug 281] New: unable to authorize with local shadow password
...ey and 1024 bit host key.
debug1: Encryption type: 3des
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug3: allowed_user: today 11858 sp_expire -1 sp_lstchg 11857 sp_max -1
debug1: Attempting authentication for komanek.
debug1: temporarily_use_uid: 112/20 (e=0)
debug1: trying public RSA key file /home/komanek/.ssh/authorized_keys
debug1: restore_uid
Failed rsa for komanek from 195.113.56.1 port 1022
debug1: Kerberos v4 password authentication for koman...
2002 Dec 06
0
Error Msg --> "fork of unprivileged child failed"
...ebug3: mm_request_send entering: type 6
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 7
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: allowed_user: today 12025 sp_expire -1 sp_lstchg 12025 sp_max 99999
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for sshd
debug3: mm_inform_authserv enterin...
2003 Jul 11
0
OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthenticatio n no + PermitEmptyPasswords yes (followup)
...de 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user natis service ssh-connection method none
debug1: attempt 0 failures 0
debug3: allowed_user: today 12244 sp_expire -1 sp_lstchg 12240 sp_max -1
debug2: input_userauth_request: setting up authctxt for natis
debug2: input_userauth_request: try method none
Accepted none for natis from 192.168.1.1 port 1199 ssh2
debug1: Entering interactive session for SSH2.
debug1: fd 7 setting O_NONBLOCK
debug1: fd 8 setting O_NONBLOCK
debug1...
2003 Jul 17
1
possible bug + patch : OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + P asswordAuthentication no + PermitEmptyPasswords yes
...de 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user natis service ssh-connection method none
debug1: attempt 0 failures 0
debug3: allowed_user: today 12244 sp_expire -1 sp_lstchg 12240 sp_max -1
debug2: input_userauth_request: setting up authctxt for natis
debug2: input_userauth_request: try method none
Accepted none for natis from 192.168.1.1 port 1199 ssh2
debug1: Entering interactive session for SSH2.
debug1: fd 7 setting O_NONBLOCK
debug1: fd 8 setting O_NONBLOCK
debug1...