similar to: AIX authenticate()

Hi All. With one eye on the do_pam_chauthtok() stuff I've merged contributions by Pablo Sor and Mark Pitt into a patch against -current. I'm interested in testers and suggestions for improvements. The patch extends the loginrestrictions test to include expired accounts (but unlike Mark's patch, doesn't log accounts with expired passwords unless they're locked) and adds

The patch below follows changes in AIX utmp handling made between AIX 4.3.3 and 5.1. With it, utmp entries are properly recorded again. The patch applies to OpenSSH 3.1p1, and seems to work fine. The co-worker who sent me the patch hasn't tested backwards compatibility on AIX 4.3.3 systems. Richard ------- *** openssh-2.9.9p2/auth-passwd.c.org Tue Jul 3 23:21:15 2001 ---

We have come across a problem with OpenSSH 2.3.0p1 (and still in 2.5.1p1) which affect authentication on an AIX 4.3 system. The code in auth-passwd.c at line 168 reads: #ifdef WITH_AIXAUTHENTICATE return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); #endif however, the AIX manual page for "authenticate" states: "The authenticate subroutine maintains

Hi All. I've decided to try to merge the -Portable parts of the password expiry patch (see bug #14) that do not depend on the OpenBSD change in bug #463. The attached patch is the first step in this process. It removes the AIX-specific "char *aixloginmsg" and replaces it with a platform-neutral "Buffer loginmsg". I think this is worth having in -Portable even if it

Hi All. First the questions: Is there anything objectionable in this patch? Is AUDIT_FAIL_AUTH appropriate for the "Reason" field? Now the details: attached is a patch that changes some of the #includes for AIX. It moves the AIX-specific includes to port-aix.h and adds includes that contain the prototypes for many of the authentication functions. The idea isto fix some warnings.

This is an attempt to simplify the AIX expiry-via-passwd stuff and make it more generic. (There's actually a net reduction in #ifdefs). Patch against CVS: 1) configure finds passwd. 2) sshd uses passwd during session if required. 3) sshd uses passwd for PAM change if privsep disabled. 4) sshd uses Buffers for expire and post-login messages (no longer AIX specific). 5) password_change_required

Here are some patches to re-enable support for AIX's authenticate routines. With them, ssh will honor locked & unlocked accounts, record successful and unsuccessful logins, and deny accounts that are prohibited to log in via the network. Tested with AIX 4.3. It also includes a fix for handling SIGCHLD that may be needed for other platforms (HP-UX 10.20, for example). If I get the time

Dear list, since the order of authentication and AFS token/KRB TGT forwarding changed (around 3.0), we have had problems with users accidentally overwriting their credentials from a "password" login with forwarded credentials. E.g. user A logs in as user B, but stays with the AFS permissions of user A. A workaround is to use "-k" on these sessions, but "it worked without

I have a few patches for AIX. The patchfile is attached below. The patch has been tested on AIX4.2 and AIX4.3. The patch is on openssh-1.2.1pre25, with openssl-0.94, using RSAref. 1) authenticate support - this function allows the system to determine authentification. Whatever the system allows for login, authenticate will too. It doesn't matter whether it is AFS, DFS, SecureID, local.

Hi David, I'm sure loginfailed(..) should be called immediately after authenticate(..) returned an error. It is directly related to an invalid password try. (Please see my attached mail from May 2001 to the list). I'm not so sure when loginsuccess(..) should be called (setting the loginfailed counter to zero): Either 1) when somebody logs in successfully using all kinds of valid

On Thu, Nov 08, 2001 at 01:59:25PM +0100, Arthur de Jong wrote: > root and warthur both have user id 0. Sorry, I should have made that > clearer. They both have different passwords and rsa keys and I would like > to be able to make the distinction in the logs. Currently ssh only logs > that a ROOT user has logged in, not which one. hm, i don't think uid sharing is a standard unix

--- auth1.c.orig Sat Feb 3 18:17:53 2001 Bringa AIX modes in line with latest changes to auth1.c +++ auth1.c Sat Feb 3 18:19:15 2001 @@ -347,7 +347,7 @@ if (authctxt->failures++ > AUTH_FAIL_MAX) { #ifdef WITH_AIXAUTHENTICATE - loginfailed(user,get_canonical_hostname(),"ssh"); +

OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the

sorry, Darren. Long over due comments. [..] >+/* Record a failed login attempt. */ >+void >+record_failed_login(const char *user, const char *host, const char *ttyname) >+{ >+#ifdef WITH_AIXAUTHENTICATE >+ loginfailed(user, host, ttyname); >+#endif >+#ifdef _UNICOS >+ cray_login_failure((char *)user, IA_UDBERR); >+#endif /* _UNICOS */ >+} I like the

Under AIX there are three security settings: expires = a fixed date at which an account is no longer valid maxage= weeks before a password expires maxexpires=max weeks during which a password can be changed by a user after expiration AFTER WHICH ACCESS IS NOT ALLOWED Beauty of maxage with expires is, that no manual intervention is required to block inactive users. With maxage=5 and expires=1 an

Somewhere between 2.9p1 and 2.9.9p2 there was a change to auth2.c that removed the userauth_reply() function. There were a few lines of code in that function, #ifdef'd with WITH_AIXAUTHENTICATE, that handled the AIX method of lastlog type stuff (specifically, a loginsuccess() call). There is a similar call in auth1.c, down in do_authentication(), which is still there in 2.9.9p2. So with

There are a couple of bugs in the openssh-3.7.1p2. The aix_setauthdb function does not work with other types of authentication such as AFS/DFS. The loginfailed test in configure is not correct. Also, AIX can use the wtmp logging which I added in configure. Attached is the patch. Thanks, Matt Richards -------------- next part -------------- *** openssh-3.7.1p2/openbsd-compat/port-aix.c Mon Jul 14

This is based on openssh-2.0.0beta1. There are a few rough spots: 1) SunOS doesn't have ut_type in struct utmp so I just whacked in the old login() from openssh-1.2.3. 2) There is a SUNOS4 section added to defines.h -- this could probably be a bit cleaner. 3) sigaction on SunOS is implemented via #defines to sigvec, thus there is no SA_RESTART (this is the default behavior).

I experienced a problem compiling openssh_cvs with IRIX 6.5.11f. % cc -version MIPSpro Compilers: Version 7.3.1.2m % cc -n32 -mips3 -O2 -OPT:Olimit=0 ..... -c auth.c cc-1515 cc: ERROR File = auth.c, Line = 100 A value of type "int" cannot be assigned to an entity of type "char *". while ((cp = getusershell()) != NULL) ^ 1 error detected in the

Hello, I'm getting compile errors on AIX 5.1, not defining WITH_AIXAUTHENTICATE in config.h seems to solve the problem. I have configured with --syscondir=/etc/ssh and --with-ssl-dir=/usr/local/ssl and I am using gcc 2.95.3 The error messages is included below. Regards, Florian ---- make[1]: Entering directory `/home/dmc/src/openssh-3.7.1p1/openbsd-compat' gcc -g -O2 -Wall