similar to: password expiration

I'm looking at the password aging and account lock checks in auth.c:allowed_user(), and specifically their behaviour on HP-UX. First, should this code be ifdef'd away if we're using PAM? Next: /* Check account expiry */ if ((spw->sp_expire > 0) && (days > spw->sp_expire)) return 0; If I lock an account by entering too many incorrect passwords, sp_expire

Hello! Today I've found, downloaded and compiled openssh-2.2.0-p1. It basically worked, except that users other than root were not allowed to login. My system is a Linux-2.4.0-test7 with glibc-2.1.3. No PAM is installed/used. It uses MD5 passwords and shadow with account expiration feature. In handling of the latter, a probable bug was found. In auth.c, allowed_user(), there is a code at

i'm working on this. this is what i have now. sp_inact is not handled consistently across shadow platforms, so i'm going to not address that right now. the following is the predecessor to bug14. what is the timeframe for 3.2.1p1? markus suggested a few more weeks. Index: auth.c =================================================================== RCS file: /var/cvs/openssh/auth.c,v

This is an attempt to simplify the AIX expiry-via-passwd stuff and make it more generic. (There's actually a net reduction in #ifdefs). Patch against CVS: 1) configure finds passwd. 2) sshd uses passwd during session if required. 3) sshd uses passwd for PAM change if privsep disabled. 4) sshd uses Buffers for expire and post-login messages (no longer AIX specific). 5) password_change_required

Hi Damien, I noticed you merged a couple of ifdefs in the fix for bug #442. The cvs comment says "Fix Bug #442 for PAM case". The code is now roughly: #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) spw = getspnam(pw->pw_name); passwd = spw->sp_pwdp; #else passwd =

Hi. I have found a error of openssh-2.1.1p2 port on systems with a mixture of shadowed and non-shadowed passwords. I reported a same type of error to Mr. Miller when openssh-1.2.1pre23 was released. On our systems, our local machines have shadowed /etc/passwd (and /etc/shadow) and our NIS server distributes non-shadowed password of general users. We have to use

The primary purpose of the attached patches is for portable OpenSSH to support changing expired passwords as specified in shadow password files. To support that, I did a couple enhancements to the base OpenBSD OpenSSH code. They are: 1. Consolidated the handling of "forced_command" into a do_exec() function in session.c. These were being handled inconsistently and allocated

I have used SSHD from openssh-3.7.1p1 on HP-UX 11:11. It works correctly and the entry in the logfile is: Sep 24 07:01:20 garm sshd[6625]: Accepted password for japs from 192.38.97.131 port 2463 Next I have upgraded to openssh-3.7.1p2 and restarted SSHD. It does not accept the password any more and the entries in the logfile are: Sep 24 12:21:38 garm sshd[19542]: User japs not allowed because

After upgrading to openssh-3.4p1, password authentication is no longer working on my system. I'm running Linux RedHat 6.2 with: kernel 2.2.20 openssh-3.4p1 openssl-0.9.6 pam-0.72-6 pwdb-0.61-0 I've tried it with and without compression, with and without priv sep, and I always get errors like this: Jun 30 19:07:48 sugarfreejazz sshd[1344]: Failed password for randy from 10.10.10.2 port

http://bugzilla.mindrot.org/show_bug.cgi?id=226 stevesk at pobox.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE ------- Additional Comments From stevesk at pobox.com 2002-04-25

Hello, I have recently downloaded and compiled openssh-3.7.1p2 on both HP-UX 10.20 and HP-UX 11.00. The compile went fine. Logging in on the system used for the build works fine. However, logging in on a different system (where the newly compiled openssh is installed) results in the following error: Permission denied (publickey,password,keyboard-interactive). I have tried several things I

Dear All, I can install OpenSSH 3.7.1p2 with OpenSSL 0.9.7c on HP-UX 11.0 without problem. However, I find that all valid accounts are treated as "locked" (even specify "AllowUsers USER1" in sshd_config) and can't make SSH connection to the server. Here is the message shown in syslog.log. Oct 3 16:49:17 SERVER_NAME sshd[12994]: User USER1 not allowed because account is

I experienced a problem compiling openssh_cvs with IRIX 6.5.11f. % cc -version MIPSpro Compilers: Version 7.3.1.2m % cc -n32 -mips3 -O2 -OPT:Olimit=0 ..... -c auth.c cc-1515 cc: ERROR File = auth.c, Line = 100 A value of type "int" cannot be assigned to an entity of type "char *". while ((cp = getusershell()) != NULL) ^ 1 error detected in the

Quite a few changes here, please test. http://www.mindrot.org/misc/openssh/openssh-SNAP-20000916.tar.gz -d 20000916 - (djm) New SuSE spec from Corinna Vinschen <corinna at vinschen.de> - (djm) Update CygWin support from Corinna Vinschen <vinschen at cygnus.com> - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. Patch from Larry Jones <larry.jones at

Hi, This is included in the release now; any feedback? Privilege separation, or privsep, is method in OpenSSH by which operations that require root privilege are performed by a separate privileged monitor process. Its purpose is to prevent privilege escalation by containing corruption to an unprivileged process. More information is available at:

http://bugzilla.mindrot.org/show_bug.cgi?id=284 stevesk at pobox.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From stevesk at pobox.com 2002-06-23 09:11

We have a policy that requires all user passwords to expire after 90 days. We also use puppet for managing all users on our machines. Our hope was, when our passwords expire, we could update the puppet manifest which would propogate to all our servers, thus updating all our passwords. The problem is, the User type (w/ manage_passwords enabled and ruby- shadow installed) will only set the

Hi All. Attached is a patch which adds AIX native password expiry support to sshd. It will only apply to -current and is a subset of the patch I have been working on in the last few months (see bug #14 [1]). It contains code by Pablo Sor, Mark Pitt and Zdenek Tlusty and fixes for bugs reported by many others (see [2] for a full list). It adds a do_tty_change_password function that execs

removes HAVE_BOGUS_SYS_QUEUE_H and always use our queue.h. ok? Index: acconfig.h =================================================================== RCS file: /var/cvs/openssh/acconfig.h,v retrieving revision 1.122 diff -u -r1.122 acconfig.h --- acconfig.h 26 Feb 2002 16:40:49 -0000 1.122 +++ acconfig.h 12 Mar 2002 02:11:39 -0000 @@ -14,7 +14,6 @@ /* SCO workaround */ #undef

Currently, OpenSSH prints the message: "Warning: You password has expired, please change it now" if the password has expired. It would be nice if the user could/had to change password before continuing, like with Linux console login. I've tried to make an patch, but it doesn't work. Ideas? --- auth-pam.c.org Wed Oct 11 18:03:43 2000 +++ auth-pam.c Wed Oct 11 18:03:44