search for: sp_max

...at account with passwd -l sp_expire is still -1. I tried this on Solaris as well and it seems sp_expire is only for account expiration. The solution on HP-UX 10.20 and 11.0 is to use the getprpw(3) interface. And: /* Check password expiry */ if ((spw->sp_lstchg > 0) && (spw->sp_max > 0) && (days > (spw->sp_lstchg + spw->sp_max))) return 0; If I expire a password with passwd -f: -f Force user to change password upon next login by expiring the current password. sp_lastchg is set to 0. The above code does no...

...pw || !pw->pw_name) return 0; +#define DAY (24L * 60 * 60) /* 1 day in seconds */ spw = getspnam(pw->pw_name); if (spw != NULL) { - int days = time(NULL) / 86400; + time_t today = time(NULL) / DAY; + debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" + " sp_max %d", (int)today, (int)spw->sp_expire, + (int)spw->sp_lstchg, (int)spw->sp_max); - /* Check account expiry */ - if ((spw->sp_expire >= 0) && (days > spw->sp_expire)) + /* + * We assume account and password expiration occurs the + * day after the day spe...

...sp_inact tells how long the account may remain inactive until it is locked, measured from the last login time. It is set to 30 days for all users on my system. To add the date of last password change to this value is meaningless and this test fails for all my users. On the other hand, there is a sp_max entry, stating maximum number of days between password changes. This is the right value for us. So I changed the code to be as follows: /* Check password expiry */ if ((spw->sp_lstchg > 0) && (spw->sp_max > 0) && (days > (spw->sp_lstchg + spw->sp_max)))...

Hello, I have recently downloaded and compiled openssh-3.7.1p2 on both HP-UX 10.20 and HP-UX 11.00. The compile went fine. Logging in on the system used for the build works fine. However, logging in on a different system (where the newly compiled openssh is installed) results in the following error: Permission denied (publickey,password,keyboard-interactive). I have tried several things I

Dear All, I can install OpenSSH 3.7.1p2 with OpenSSL 0.9.7c on HP-UX 11.0 without problem. However, I find that all valid accounts are treated as "locked" (even specify "AllowUsers USER1" in sshd_config) and can't make SSH connection to the server. Here is the message shown in syslog.log. Oct 3 16:49:17 SERVER_NAME sshd[12994]: User USER1 not allowed because account is

...ned(HAS_SHADOW_EXPIRE) #define DAY (24L * 60 * 60) /* 1 day in seconds */ spw = getspnam(pw->pw_name); if (spw != NULL) { - time_t today = time(NULL) / DAY; + time_t expiredate, today = time(NULL) / DAY; debug3("allowed_user: today %d sp_expire %d sp_lstchg %d" " sp_max %d", (int)today, (int)spw->sp_expire, (int)spw->sp_lstchg, (int)spw->sp_max); @@ -106,20 +113,28 @@ if (spw->sp_lstchg == 0) { log("User %.100s password has expired (root forced)", pw->pw_name); - return 0; + password_change_required = 1; +...

Hi Damien, I noticed you merged a couple of ifdefs in the fix for bug #442. The cvs comment says "Fix Bug #442 for PAM case". The code is now roughly: #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) spw = getspnam(pw->pw_name); passwd = spw->sp_pwdp; #else passwd =

...ons options; *************** *** 81,93 **** int days = time(NULL) / 86400; /* Check account expiry */ ! if ((spw->sp_expire >= 0) && (days > spw->sp_expire)) return 0; /* Check password expiry */ if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) && ! (days > (spw->sp_lstchg + spw->sp_max))) ! return 0; } #else /* Shouldn't be called if pw is NULL, but better safe than sorry... */ --- 84,106 ---- int days = time(NULL) / 86400; /* Check account expiry */ ! if ((spw->sp_expire &gt...

I have used SSHD from openssh-3.7.1p1 on HP-UX 11:11. It works correctly and the entry in the logfile is: Sep 24 07:01:20 garm sshd[6625]: Accepted password for japs from 192.38.97.131 port 2463 Next I have upgraded to openssh-3.7.1p2 and restarted SSHD. It does not accept the password any more and the entries in the logfile are: Sep 24 12:21:38 garm sshd[19542]: User japs not allowed because

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

...SH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user randy service ssh-connection method none debug1: attempt 0 failures 0 debug3: allowed_user: today 11868 sp_expire -1 sp_lstchg 11868 sp_max 99999 debug3: Trying to reverse map address 10.10.10.2. debug2: input_userauth_request: setting up authctxt for randy debug2: input_userauth_request: try method none Failed none for randy from 10.10.10.2 port 4351 ssh2 debug1: userauth-request for user randy service ssh-connection method password d...

...g: config reprocess config len 852 debug3: auth_shadow_acctexpired: today 2 sp_expire -1 days left -3 debug3: account expiration disabled debug2: input_userauth_request: setting up authctxt for admin debug2: input_userauth_request: try method none debug3: auth_shadow_pwexpired: today 2 sp_lstchg -1 sp_max 99999 Failed none for admin from 192.168.0.65 port 59719 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,password" debug1: userauth-request for user admin service ssh-connection method password debug1: attempt 1 failures 0 debug2: input_userauth_request: try method...

...host key. debug1: Encryption type: 3des debug1: cipher_init: set keylen (16 -> 32) debug1: cipher_init: set keylen (16 -> 32) debug1: Received session key; encryption turned on. debug1: Installing crc compensation attack detector. debug3: allowed_user: today 11858 sp_expire -1 sp_lstchg 11857 sp_max -1 debug1: Attempting authentication for komanek. debug1: temporarily_use_uid: 112/20 (e=0) debug1: trying public RSA key file /home/komanek/.ssh/authorized_keys debug1: restore_uid Failed rsa for komanek from 195.113.56.1 port 1022 debug1: Kerberos v4 password authentication for komanek failed: Pa...

...t_send entering: type 6 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM debug3: mm_request_receive_expect entering: type 7 debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_pwnamallow debug3: allowed_user: today 12025 sp_expire -1 sp_lstchg 12025 sp_max 99999 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: mm_request_receive entering debug2: input_userauth_request: setting up authctxt for sshd debug3: mm_inform_authserv entering debug3: mm_...

...2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user natis service ssh-connection method none debug1: attempt 0 failures 0 debug3: allowed_user: today 12244 sp_expire -1 sp_lstchg 12240 sp_max -1 debug2: input_userauth_request: setting up authctxt for natis debug2: input_userauth_request: try method none Accepted none for natis from 192.168.1.1 port 1199 ssh2 debug1: Entering interactive session for SSH2. debug1: fd 7 setting O_NONBLOCK debug1: fd 8 setting O_NONBLOCK debug1: server_init...

...2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user natis service ssh-connection method none debug1: attempt 0 failures 0 debug3: allowed_user: today 12244 sp_expire -1 sp_lstchg 12240 sp_max -1 debug2: input_userauth_request: setting up authctxt for natis debug2: input_userauth_request: try method none Accepted none for natis from 192.168.1.1 port 1199 ssh2 debug1: Entering interactive session for SSH2. debug1: fd 7 setting O_NONBLOCK debug1: fd 8 setting O_NONBLOCK debug1: server_init...

I encountered a couple of strange events with respect to password authentication this morning. Two of our staff were unable to login onto several systems using their usual passwords. Both users had last logged in on these hosts using their accounts and passwords on Friday past. The two accounts could not log on to any of the servers for which they had access and the message log on each showed

Hi, I have recently compiled a copy of OpenSSH for use on Reliant Unix ( Sinix ) version 5.45. My installation works okay for user root. When I try to log on as another user I get prompted for the user password. When I type this in OpenSSH throws me out each time. I have been able to see any errors. My version is OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004. I am using Putty

...G_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user Vssh_U service ssh-connection method none debug1: attempt 0 failures 0 debug3: allowed_user: today 12327 sp_expire 13878 sp_lstchg 12327 sp_max 168 debug2: input_userauth_request: setting up authctxt for Vssh_U debug2: input_userauth_request: try method none Failed none for Vssh_U from 127.0.0.1 port 4416 ssh2 debug1: userauth-request for user Vssh_U service ssh-connection method password debug1: attempt 1 failures 1 debug2: input_userauth...

...2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user hendl service ssh-connection method none debug1: attempt 0 failures 0 debug3: allowed_user: today 12369 sp_expire -1 sp_lstchg 11954 sp_max -1 debug2: input_userauth_request: setting up authctxt for hendl debug2: input_userauth_request: try method none Failed none for hendl from 10.128.11.71 port 34100 ssh2 debug1: userauth-request for user hendl service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_useraut...