similar to: [PATCH] AIX password expiration

Here are some patches to re-enable support for AIX's authenticate routines. With them, ssh will honor locked & unlocked accounts, record successful and unsuccessful logins, and deny accounts that are prohibited to log in via the network. Tested with AIX 4.3. It also includes a fix for handling SIGCHLD that may be needed for other platforms (HP-UX 10.20, for example). If I get the time

This is an attempt to simplify the AIX expiry-via-passwd stuff and make it more generic. (There's actually a net reduction in #ifdefs). Patch against CVS: 1) configure finds passwd. 2) sshd uses passwd during session if required. 3) sshd uses passwd for PAM change if privsep disabled. 4) sshd uses Buffers for expire and post-login messages (no longer AIX specific). 5) password_change_required

Using openssh-SNAP-20001016 all of our problems with hanging connections have gone away (woohoo!), and it seems to be working flawlessly, but I am seeing messages like this in syslog: Oct 24 16:57:48 dhumb301 sshd[17752]: error: channel 0: internal error: we do not read, but chan_read_failed for istate 8 Oct 24 16:57:59 dhumb301 sshd[17771]: error: select: Bad file descriptor Oct 24 16:58:30

Hi All. Attached is a patch introduces password expiry handling for AIX (other platforms to follow). It is more or less the same as the previous patch but has been updated to reflect recent changes to auth-passwd.c I'm wondering if the AIX parts of auth.c should be moved to port-aix.c and if the generic password change functions (currently at the end of auth-passwd.c) belong in a separate

Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /*

Hi All. I've decided to try to merge the -Portable parts of the password expiry patch (see bug #14) that do not depend on the OpenBSD change in bug #463. The attached patch is the first step in this process. It removes the AIX-specific "char *aixloginmsg" and replaces it with a platform-neutral "Buffer loginmsg". I think this is worth having in -Portable even if it

Under AIX there are three security settings: expires = a fixed date at which an account is no longer valid maxage= weeks before a password expires maxexpires=max weeks during which a password can be changed by a user after expiration AFTER WHICH ACCESS IS NOT ALLOWED Beauty of maxage with expires is, that no manual intervention is required to block inactive users. With maxage=5 and expires=1 an

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

Hi All. Attached is a patch which adds AIX native password expiry support to sshd. It will only apply to -current and is a subset of the patch I have been working on in the last few months (see bug #14 [1]). It contains code by Pablo Sor, Mark Pitt and Zdenek Tlusty and fixes for bugs reported by many others (see [2] for a full list). It adds a do_tty_change_password function that execs

Hello, as you read by the subject I am trying to compile openssh-3.6.1p2 with AIX password expiry patch. Operating system is AIX 4.3 using gcc 2.9-aix43-010414 I am using prngd as my entropy. My configuration flags are as follows: --with-prngd-socket=/dev/egd-pool --prefix=/usr/local/openssh I run into the following errors when I run make: ld: 0711-317 ERROR: Undefined symbol:

Compile openssh-3.8p1 with gcc and the following flags --prefix=/tmp/build/sshd --with-ssl-dir=/tmp/build/lib --with-utmpx, no PAM. Everything complies correctly, and I changed sshd_config to use "UseLogin yes" When my client connects (using the newer ssh client too), I do not get the message that my password will expire in xx days, but sshd shows that it is picking up that info (next

Hi there, I have just compiled up 3.6.1p2 both with and without Darren Tuckers passexpire patch. However, with the patch applied /etc/nologin isn't displayed to users (on AIX 5.1 / PSSP) The patched vesion seems to fail with "illegal user" - some parts of a debug 3 log... debug1: userauth-request for user ade45 service ssh-connection method none debug1: attempt 0 failures 0

Hi, I've gone and ported the latest version of openssh, 3.1p1, to GNU/Hurd. I've tried to learn from the other threads on this topic, but I still had to get rid of MAXHOSTNAMELEN where I could. James A. Morrison diff -urN openssh-3.1p1.old/Makefile.in openssh-3.1p1/Makefile.in --- openssh-3.1p1.old/Makefile.in Tue Feb 26 14:24:22 2002 +++ openssh-3.1p1/Makefile.in Tue Apr 9 16:16:49

Hi, I noticed that the AIX specific loginsuccess call uses char *aixloginmsg to retrieve login information. Later this message is printed in session.c (around line 753). Loginsuccess mallocs space for this message and according to the aix docs it's the responsibility of the calling program to free this message. I didn't notice any code in openssh that would free the aixloginmsg. Can

OpenBSD tree is heading into a lock and this includes OpenSSH. So we are winding up for a 3.5 release. If we can get people to test the current snapshots and report any problems that would improve the odds that your platform won't be broke for 3.5. Issues I know off of right now. 1. I can't test NeXT. So I TRULY need someone in that community to test for me. Last I heard there was

sorry, Darren. Long over due comments. [..] >+/* Record a failed login attempt. */ >+void >+record_failed_login(const char *user, const char *host, const char *ttyname) >+{ >+#ifdef WITH_AIXAUTHENTICATE >+ loginfailed(user, host, ttyname); >+#endif >+#ifdef _UNICOS >+ cray_login_failure((char *)user, IA_UDBERR); >+#endif /* _UNICOS */ >+} I like the

--- auth1.c.orig Sat Feb 3 18:17:53 2001 Bringa AIX modes in line with latest changes to auth1.c +++ auth1.c Sat Feb 3 18:19:15 2001 @@ -347,7 +347,7 @@ if (authctxt->failures++ > AUTH_FAIL_MAX) { #ifdef WITH_AIXAUTHENTICATE - loginfailed(user,get_canonical_hostname(),"ssh"); +

Hi, I have made a patch for AIX to report the number of days till a password expire and to prompt for a new one. This patch was made for openssh-SNAP-20010904.tar.gz (2.9p2) of the CVS repository. If you have any suggestion or question to submit, please cc to me, I'm not in the list. Bye -- Pablo Sor Departamento de Seguridad Informatica - AFIP psor at afip.gov.ar, psor at ccc.uba.ar

http://bugzilla.mindrot.org/show_bug.cgi?id=383 ------- Additional Comments From markus at openbsd.org 2002-08-23 07:46 ------- what does "rlogin set to false" mean? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hi, I just got a comment from one of my IBM support engineeres that there is a problem with auth-passwd.c only calling authenticate() once. He claims it should potentially be called several times, in case several authetication methods are defined in /etc/security/user. F.ex.: SYSTEM = "NIS and DCE" Suggested (untested) patch should look like: ----------------- cut