similar to: password aging problem with ssh protocol 2

openssh password expiration problemPatrick, Indeed password aging does not work with OpenSSH 3.0.1p1 on Solaris 2.6. >From what I can tell something is different with Solaris 2.6 and Solaris 2.8. I know that password expiration doesn't cause a problem on Solaris8. I'm unclear as to whether the problem is with OpenSSH code or Solaris. All I know is that the latest PAM patches are not

The reason I ask about the patches is because I think the problem you're seeing might actually be a bug in pam_unix.so.1 - it's something to try at least. We don't use password aging and we don't use the "passwd" command to change passwords, so we haven't run into this at our site even though we probably don't have pam_unix.so patched up. Also, the passwd

The 2 errors: pam_setcred: error Permission denied Cannot delete credentials[7]: Permission denied Looks to be a major bug in the PAM module for Solaris-2.8/2.7/2.6. Has anyone from the list (developers of OpenSSH, endusers, hackers, etc.) came up w/ a solution? Even a temporary one? When authenticating yourself on the same system that worked, but when authenticating to another system failed. I

Hello, I am Sachin Parthasarathy. I am currently a Masters student in Computer Science in National University of Singapore. I like programming in C++ and Java. Also I have work experience in C# . I have worked on projects of my own. You can see the demo of my projects here : Knowledge Graph : http://52.27.131.28/ Lyrics Finder : http://54.68.86.237/ I am really interested in the project :

Hello, I have attempted several times to compile openssh3.1p1 that will use a random package called ANDIrand. How can I compile and get ssh to use this random number generator? I have tried the --rand-helper switch with my configure and still it does not work. I am compiling in Solaris 8, and need to then create a package that can be used on Solaris 6, Solaris 7, and Solaris 8. Thanks, Eric

Ok, so, things are complicated. The PAM standard insists on password aging being done after account authorization, which comes after user authentication. Kerberos can't authenticate users whose passwords are expired. So PAM_KRB5 implementations tend to return PAM_SUCCESS from pam_krb5:pam_sm_authenticate() and arrange for pam_krb5:pam_sm_acct_mgmt() to return PAM_NEW_AUTHTOK_REQD, as

Hi, I am Parthasarathy G , from IIT Maras ( India ). I am currently in third year of the undergraduate course. I would like to contribute to the R project. Can anyone guide me regarding this? Thanking you, Parthasarathy [[alternative HTML version deleted]]

I've compiled 3.7.1p2 on AIX 5.1 w/pam compiled in, but not enable in the sshd_config. Also applied Darrens 3.7.1p2 patch25. I am having issues w/password aging when maxage is set to anything >0. i dont believe this function was ever working (at least not in 3.5p1). Can anyone verify this? Thanks, Ryan __________________________________ Do you Yahoo!? Protect your identity with Yahoo!

I'm looking at the password aging and account lock checks in auth.c:allowed_user(), and specifically their behaviour on HP-UX. First, should this code be ifdef'd away if we're using PAM? Next: /* Check account expiry */ if ((spw->sp_expire > 0) && (days > spw->sp_expire)) return 0; If I lock an account by entering too many incorrect passwords, sp_expire

Vesion 3.8.1 of OpenSSH has been compiled on a Solaris 8 host. I am having difficulties in enabling password aging to work from reading /etc/default/passwd and /etc/shadow. # passwd -f < user-id > works satisfactorily however once a password ages through due course from the settings in /etc/default/passwd and /etc/shadow the users are not prompted to change passwords and the user is logged

Is there a way to run sshd on a windows 2000 server and have ssh clients authenticate to it using domain level authentication? Mike

In do_pam_cleanup_proc(), there are 3 calls to PAM: 1) pam_close_session() - do lastlog stuff 2) pam_setcred(PAM_DELETE_CRED) - delete credentials 3) pam_end() - close PAM It appears that pam_setcred() always fails with the error PAM_PERM_DENIED. This is due to a check done pam_unix.so to not allow a caller with euid 0 to even try to delete their SECURE_RPC credentials. When sshd calls

First, my config: Solaris 8 PADL pam_ldap v165 and pam_nss v211 OpenSSH 3.7.1.p2 All compiled with gcc 2.95.3 that ships with the Sun companion CD LDAP PAM authentication is working well with OpenSSH, privsep is disabled, challenge-response authentication is enabled. I would like to turn on password aging, which seems to be well supported by pam_ldap. Logins going through /bin/login correctly

Hi All I've got an asterisk system, using a couple of Xorcom Astribanks to provide FXS ports. (I'm using the zaptel 1.2 branch, if that matters) I've noticed that the ringing volume is a lot louder than on our old phone system, and people are starting to complain it's too loud. (This is the noise the phone makes when it rings, not the noise in your handset when you ring

Hello, >From the response to my original post regarding openssh, obviously the only way to resolve the problem of getting openssh to work properly under Solaris 8 with openssl 0.9.6b was to compile with debugging an analyze to core file. Let me state that I am not a developer, but maybe the following will help. I have compiled both openssh2.96p2 and openssl 0.9.6b with debugging using the Sun

On Thu, 28 Jan 2010, Nick Burch wrote: > Assuming so, I'm trying to decide if it's likely to be better to port > the missing read parts from C to Java, or start again with something > with a more "Java like" api. Having read rfc 3533, I don't think doing a > read-only ogg layer api using Java conventions should be too hard to > implement.... I've

I give up and need help! I won''t add to the confusion by showing all the combinations I have tried unsuccessfully... and yes, I''ve read FAQ2 and FAQ2a many times! When googling the subject of this post there are many answers that boil down to using the same three iptables rules, two of which use nat. I won''t repeat them here. I don''t want to risk mixing

Hello, I have tried to install openssh 2.9p2 on Solaris 2.6 and Solaris 2.8 after compiling the openssl (both 0.9.6a and 0.9.6b) and openssh software with both gcc 2.95.3, Sun's Forte compiler, Sun's linker, etc. I have tried the zlib from Sun freeware and version 11.8.0 REV=2000.01.08.18.12 contained in the SUNWzlib package. Both openssh and openssl appear to make properly and all the

Hi, I've seen many people complaining winbind can't handle expired Windows AD accounts and doesn't ask to change them. Is it something people can't just configure properly or it is not supported by design? Have anyone had luck getting it working properly? Thanks!

Problem: setting --with-tcpwrappers does not configure code to be compiled with wrapper support Solution: references to with_tcp_wrappers (lines 4975, 6396, 6397) need to be changed to with_tcpwrappers David Purks Sr Sys Admin Cogent Communications