similar to: Call for testing for 3.6: password expiry?

We are heading into a lock here. So we need to get people to test their respective platforms if they wish them to be supported out of the tar file. So if you have any patches you need to ensure your platform works speak up. We are looking at a lock on the 17th. I believe I have an AIX/Cray patch and a Tru64 patch sitting in my mailbox that I'll be looking at soon and more than likely

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and

Hi All. Attached is a patch introduces password expiry handling for AIX (other platforms to follow). It is more or less the same as the previous patch but has been updated to reflect recent changes to auth-passwd.c I'm wondering if the AIX parts of auth.c should be moved to port-aix.c and if the generic password change functions (currently at the end of auth-passwd.c) belong in a separate

http://bugzilla.mindrot.org/show_bug.cgi?id=14 ------- Additional Comments From dtucker at zip.com.au 2003-01-09 23:17 ------- Created an attachment (id=199) --> (http://bugzilla.mindrot.org/attachment.cgi?id=199&action=view) Implement password change via /bin/passwd in session. openssh-passexpire10.patch: * Implementes shadow and AIX password expiry. * Adds general expire_message

http://bugzilla.mindrot.org/show_bug.cgi?id=14 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |793 nThis| | ------- You are receiving this mail because: ------- You are on the CC list for

Hi! What's the status of your password expiry patch for AIX? Do you have a working one using /bin/passwd and privsep? -jf

PrivilegeSeparation seems to be a valuable option, however at its current maturity level it is the cause of several problems. Just to name a few: - Incompatible with BSM auditing on Solaris - Incompatible with PAM password aging (for this reason??? the code to handle password expiration has been disabled without ANY notice) - Causes core dumps on HP-UX I think PrivilegeSeparation should be

fyi (i'm behind in following the passord expire efforts). ----- Forwarded message from Logu <logsnaath at gmx.net> ----- Date: Sat, 7 Dec 2002 02:42:52 +0530 From: "Logu" <logsnaath at gmx.net> To: <stevesk at cvs.openbsd.org> Cc: <kumaresh_ind at gmx.net> Subject: Password expiry related clarification in OpenSSH3.5p1 Hello Stevesk, We are using

To get BSM working on Solaris 8 with OpenSSH, I did this: Download John R. Jackson's OpenSSH 3.5p1 BSM patch here, and save as "patch.tar.gz": http://bugzilla.mindrot.org/show_bug.cgi?id=125 (NOTE TO OpenSSH DEVELOPERS, can you incorporate this patch into the next version of OpenSSH?) Installing the OpenSSH 3.5p1 BSM patch: ?-------------------------------------- Turning on Sun BSM

Hi All. With one eye on the do_pam_chauthtok() stuff I've merged contributions by Pablo Sor and Mark Pitt into a patch against -current. I'm interested in testers and suggestions for improvements. The patch extends the loginrestrictions test to include expired accounts (but unlike Mark's patch, doesn't log accounts with expired passwords unless they're locked) and adds

I took Markus Friedl's advice and set up a KbdintDevice for Kerberos password authentication/expiry. It took me a bit to wrap my head around privsep, but I think it's working properly (code stolen shamelessly from FBSD's PAM implementation :->). The hardest part was working out how to get the interaction between krb5_get_init_creds_password() (along with the prompter) to work

We have started using BSM and have hit the BSM issue where cron is messed up if you SSH into a Solaris 8 box and try to issue a cron job. I noticed the bug here: http://bugzilla.mindrot.org/show_bug.cgi?id=125 Is this patch applied to the OpenSSH 3.5p1 release? I tried installing OpenSSH 3.5p1 and turned off Privileged Separation in the sshd_config file, but I am still getting the cron issues

The do_pwchange() function in session.c needs to pass the username as an argument to the passwd command. Without it, passwd always fails with something like "passwd: unknown user" as if its getting a blank user arg. It's strange but so are many other things in SCO, which BTW was NOT my OS of choice :( To make it work I simply changed line 1317 to this: execl(_PATH_PASSWD_PROG,

http://bugzilla.mindrot.org/show_bug.cgi?id=14 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #215 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2003-02-20 20:51 -------

Can someone help me get BSM working with Solaris 8 and OpenSSH 3.5p1? I saw the patch here for OpenSSH 3.4p1, but do not know how to apply it to OpenSSH 3.4p1 nor do I feel comfortable modifying to work with OpenSSH 3.5p1: openssh-unix-dev at mindrot.org Is this patch needed to fix the BSM crontab issue only, or is it required for BSM auditing in general? Jeff

http://bugzilla.mindrot.org/show_bug.cgi?id=423 ------- Additional Comments From djm at mindrot.org 2003-03-10 12:06 ------- The patch looks good, but the only thing that makes me wary is the use of signals for IPC. Would it not be possible to do the chauthtok call earlier? E.g. after the call to do_pam_session() in do_exec_pty()? ------- You are receiving this mail because: ------- You

http://bugzilla.mindrot.org/show_bug.cgi?id=1087 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Group|Portable OpenSSH | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=463 ------- Additional Comments From dtucker at zip.com.au 2003-05-10 12:59 ------- I've had a look at the OpenBSD source and I don't think OpenBSD *needs* a "Buffer loginmsg" right now. PrintLastLog can be easily fixed by updating s->last_login_time before the privsep split. So, is there another reason OpenBSD needs (or

http://bugzilla.mindrot.org/show_bug.cgi?id=568 ------- Additional Comments From michael.houle at atcoitek.com 2004-04-06 06:04 ------- Can someone please enlighten me on whether this kind of code is going to be included in the main development ? I thought this would be handled automatically by the krb5 libraries, so I was suprised to find that password changing doesn't work in the SSH