similar to: Test for locked account in auth.c (bug #442).

I'm looking at the password aging and account lock checks in auth.c:allowed_user(), and specifically their behaviour on HP-UX. First, should this code be ifdef'd away if we're using PAM? Next: /* Check account expiry */ if ((spw->sp_expire > 0) && (days > spw->sp_expire)) return 0; If I lock an account by entering too many incorrect passwords, sp_expire

I have used SSHD from openssh-3.7.1p1 on HP-UX 11:11. It works correctly and the entry in the logfile is: Sep 24 07:01:20 garm sshd[6625]: Accepted password for japs from 192.38.97.131 port 2463 Next I have upgraded to openssh-3.7.1p2 and restarted SSHD. It does not accept the password any more and the entries in the logfile are: Sep 24 12:21:38 garm sshd[19542]: User japs not allowed because

Hi. I have found a error of openssh-2.1.1p2 port on systems with a mixture of shadowed and non-shadowed passwords. I reported a same type of error to Mr. Miller when openssh-1.2.1pre23 was released. On our systems, our local machines have shadowed /etc/passwd (and /etc/shadow) and our NIS server distributes non-shadowed password of general users. We have to use

The primary purpose of the attached patches is for portable OpenSSH to support changing expired passwords as specified in shadow password files. To support that, I did a couple enhancements to the base OpenBSD OpenSSH code. They are: 1. Consolidated the handling of "forced_command" into a do_exec() function in session.c. These were being handled inconsistently and allocated

OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

Hello, I have recently downloaded and compiled openssh-3.7.1p2 on both HP-UX 10.20 and HP-UX 11.00. The compile went fine. Logging in on the system used for the build works fine. However, logging in on a different system (where the newly compiled openssh is installed) results in the following error: Permission denied (publickey,password,keyboard-interactive). I have tried several things I

Dear All, I can install OpenSSH 3.7.1p2 with OpenSSL 0.9.7c on HP-UX 11.0 without problem. However, I find that all valid accounts are treated as "locked" (even specify "AllowUsers USER1" in sshd_config) and can't make SSH connection to the server. Here is the message shown in syslog.log. Oct 3 16:49:17 SERVER_NAME sshd[12994]: User USER1 not allowed because account is

This is an attempt to simplify the AIX expiry-via-passwd stuff and make it more generic. (There's actually a net reduction in #ifdefs). Patch against CVS: 1) configure finds passwd. 2) sshd uses passwd during session if required. 3) sshd uses passwd for PAM change if privsep disabled. 4) sshd uses Buffers for expire and post-login messages (no longer AIX specific). 5) password_change_required

Hi All. With one eye on the do_pam_chauthtok() stuff I've merged contributions by Pablo Sor and Mark Pitt into a patch against -current. I'm interested in testers and suggestions for improvements. The patch extends the loginrestrictions test to include expired accounts (but unlike Mark's patch, doesn't log accounts with expired passwords unless they're locked) and adds

http://bugzilla.mindrot.org/show_bug.cgi?id=647 Summary: Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: SunOS Status: NEW Severity: minor Priority: P4 Component: sshd

I encountered a couple of strange events with respect to password authentication this morning. Two of our staff were unable to login onto several systems using their usual passwords. Both users had last logged in on these hosts using their accounts and passwords on Friday past. The two accounts could not log on to any of the servers for which they had access and the message log on each showed

QNX Neutrino does not support the shadow password database properly. Apart from misdocumenting /etc/shadow as having 4 fields when in fact it has 5 (including the "last changed" field), its getspnam() fills in the sp_expire field of the spwd structure with 0. And since by default, shadow support is enabled and the configure script turns on HAS_SHADOW_EXPIRE when it finds that field,

i'm working on this. this is what i have now. sp_inact is not handled consistently across shadow platforms, so i'm going to not address that right now. the following is the predecessor to bug14. what is the timeframe for 3.2.1p1? markus suggested a few more weeks. Index: auth.c =================================================================== RCS file: /var/cvs/openssh/auth.c,v

Hello! Today I've found, downloaded and compiled openssh-2.2.0-p1. It basically worked, except that users other than root were not allowed to login. My system is a Linux-2.4.0-test7 with glibc-2.1.3. No PAM is installed/used. It uses MD5 passwords and shadow with account expiration feature. In handling of the latter, a probable bug was found. In auth.c, allowed_user(), there is a code at

This is based on openssh-2.0.0beta1. There are a few rough spots: 1) SunOS doesn't have ut_type in struct utmp so I just whacked in the old login() from openssh-1.2.3. 2) There is a SUNOS4 section added to defines.h -- this could probably be a bit cleaner. 3) sigaction on SunOS is implemented via #defines to sigvec, thus there is no SA_RESTART (this is the default behavior).

http://bugzilla.mindrot.org/show_bug.cgi?id=633 Summary: Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW Product: Portable OpenSSH Version: -current Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

Hi All. I (actually the tinderbox[1]) found a problem with the fix for bug #422: when PAM is enabled on a platform that uses /etc/shadow, the variable "passwd" in auth.c is used uninitialized. There's a simple patch attached to fix this. The question is: should the locked account test be done when PAM is enabled or should we rely on PAM to do the right thing? In theory they

Dear developers, The HPUX 10.20 trusted system hack doesn't work yet as intended. I have adapted the auth-passwd.c file to make it work. Please find a context diff file attached to this file. This diff is against the latest OpenSSH 2.2.0p1 released Sept 2, 2000. Also on HPUX 10.20, xauth is not found at the standard location. Perhaps this standard location could be changed automagically

After upgrading to openssh-3.4p1, password authentication is no longer working on my system. I'm running Linux RedHat 6.2 with: kernel 2.2.20 openssh-3.4p1 openssl-0.9.6 pam-0.72-6 pwdb-0.61-0 I've tried it with and without compression, with and without priv sep, and I always get errors like this: Jun 30 19:07:48 sugarfreejazz sshd[1344]: Failed password for randy from 10.10.10.2 port