similar to: password expiry patch

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

http://bugzilla.mindrot.org/show_bug.cgi?id=14 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #215 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2003-02-20 20:51 -------

I have tried this patch (against 3.5p1) and would very much like it to be in the OpenSSH 3.6p1 release, if possible: http://bugzilla.mindrot.org/show_bug.cgi?id=14 On that note, I'd like the Sun BSM patch to be included also, if possible. I have it working applied to 3.5p1: http://bugzilla.mindrot.org/show_bug.cgi?id=125 In fact, both patches work together, apparently. If I have any

http://bugzilla.mindrot.org/show_bug.cgi?id=14 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From dtucker at zip.com.au 2003-04-15 09:57 ------- Patch against 3.6.1p1 now available. No

fyi (i'm behind in following the passord expire efforts). ----- Forwarded message from Logu <logsnaath at gmx.net> ----- Date: Sat, 7 Dec 2002 02:42:52 +0530 From: "Logu" <logsnaath at gmx.net> To: <stevesk at cvs.openbsd.org> Cc: <kumaresh_ind at gmx.net> Subject: Password expiry related clarification in OpenSSH3.5p1 Hello Stevesk, We are using

On Thu, 7 Mar 2024 at 12:00, The Doctor <doctor at doctor.nl2k.ab.ca> wrote: > On Thu, Mar 07, 2024 at 09:58:38AM +1100, Darren Tucker wrote: [...] > > Please try this patch. Note that you will need to run "autoreconf" to > > rebuild configure before rerunning it. [...] > In which test release can this be made available? It has not been committed and is not

On Thu, Mar 07, 2024 at 01:19:36PM +1100, Darren Tucker wrote: > On Thu, 7 Mar 2024 at 12:00, The Doctor <doctor at doctor.nl2k.ab.ca> wrote: > > On Thu, Mar 07, 2024 at 09:58:38AM +1100, Darren Tucker wrote: > [...] > > > Please try this patch. Note that you will need to run "autoreconf" to > > > rebuild configure before rerunning it. > [...] >

Hi! What's the status of your password expiry patch for AIX? Do you have a working one using /bin/passwd and privsep? -jf

On Thu, Mar 07, 2024 at 09:58:38AM +1100, Darren Tucker wrote: > On Thu, Mar 07, 2024 at 09:39:31AM +1100, Darren Tucker wrote: > > On Thu, 7 Mar 2024 at 02:19, Damien Miller <djm at mindrot.org> wrote: > > > On Tue, 5 Mar 2024, The Doctor wrote: > > > > Showstopper problem! > > > > > > > > I want configure to work with

On Thu, 7 Mar 2024 at 13:39, The Doctor <doctor at doctor.nl2k.ab.ca> wrote: > > On Thu, Mar 07, 2024 at 01:19:36PM +1100, Darren Tucker wrote: > > On Thu, 7 Mar 2024 at 12:00, The Doctor <doctor at doctor.nl2k.ab.ca> wrote: > > > On Thu, Mar 07, 2024 at 09:58:38AM +1100, Darren Tucker wrote: > > [...] > > > > Please try this patch. Note that you

One difference I notice is that in your failing example you are invoking /usr/bin/ld directly to link: /usr/bin/ld -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lutil -lz -lcrypt -lresolv whereas my example is

Hi All. With one eye on the do_pam_chauthtok() stuff I've merged contributions by Pablo Sor and Mark Pitt into a patch against -current. I'm interested in testers and suggestions for improvements. The patch extends the loginrestrictions test to include expired accounts (but unlike Mark's patch, doesn't log accounts with expired passwords unless they're locked) and adds

Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and

From the ChangeLog: - dtucker at cvs.openbsd.org 2007/06/25 12:02:27 [atomicio.c] Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@ This was probably ill-advised given the history of this header file. Some older systems, and some not-quite-XSI-compliant systems such as QNX Neutrino, still have <sys/poll.h> but not <poll.h>. I

Hi all, just I tried to upgrade openssh from 3.5p1 to 3.6.1p2 on Reliant Unix 5.45 and run into this error: root at soltest: tail /var/adm/log/messages .... May 23 15:45:28 soltest unix: sshd[4013]: Accepted password for root from 10.128.11.72 port 2624 ssh2 May 23 15:45:28 soltest unix: sshd[4101]: error: setsid: Not owner May 23 15:45:28 soltest unix: sshd[4101]: error: open /dev/tty failed -

Hello, as you read by the subject I am trying to compile openssh-3.6.1p2 with AIX password expiry patch. Operating system is AIX 4.3 using gcc 2.9-aix43-010414 I am using prngd as my entropy. My configuration flags are as follows: --with-prngd-socket=/dev/egd-pool --prefix=/usr/local/openssh I run into the following errors when I run make: ld: 0711-317 ERROR: Undefined symbol:

http://bugzilla.mindrot.org/show_bug.cgi?id=536 stuge-openssh-unix-dev at cdy.org changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|no access to tty on Linux |no access to tty on Linux |2.0 |2.0 and 2.4+libc5 ------- Additional Comments

Hi, I was just wondering if any of you would be able to help me with pointers to find a fix for the known problem in SSH2 that the server does not properly disconnect after the login grace time is reached. Thanks for your time ! Regards, Bhuvana

I am having a problem with usernames that are longer than 8 characters on the following system types: Solaris 8, Solaris 9 OpenSSH 4.2p1 OpenSSL 0.9.8a When logging in with an SSH client like PuTTY, OpenSSH or SecureCRT, the username is truncated when the password is asked to be changed. Below is output from a PuTTY session when logging in to a system with an expired password and a username

Hi All. Right now, if OpenSSH is configure'ed --with-kerberos5 and the system has a krb5-config that's not in /usr/local/bin then configure won't find it. The attached patch changes this so krb5-config will be used if it's anywhere in the path (although if it exists in the directory specified by --with-kerberos5= then the user-supplied path will take precedence). You will