similar to: [Bug 14] Can't change expired /etc/shadow password without PAM

http://bugzilla.mindrot.org/show_bug.cgi?id=14 Bug 14 depends on bug 463, which changed state. Bug 463 Summary: PrintLastLog doesn't work in privsep mode http://bugzilla.mindrot.org/show_bug.cgi?id=463 What |Old Value |New Value ---------------------------------------------------------------------------- Status|ASSIGNED

http://bugzilla.mindrot.org/show_bug.cgi?id=14 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |793 nThis| | ------- You are receiving this mail because: ------- You are on the CC list for

Hi All. Attached is a patch that converts pam_chauthtok_conv into a generic pam_tty_conv, which is used rather than null_conv for do_pam_session. This allows, for example, display of messages from PAM session modules. The accumulation of PAM messages into loginmsg won't help until there is a way to collect loginmsg from the monitor (see, eg, the patches for bug #463). This is because the

http://bugzilla.mindrot.org/show_bug.cgi?id=14 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From dtucker at zip.com.au 2003-04-15 09:57 ------- Patch against 3.6.1p1 now available. No

http://bugzilla.mindrot.org/show_bug.cgi?id=14 ------- Additional Comments From dtucker at zip.com.au 2003-01-09 23:17 ------- Created an attachment (id=199) --> (http://bugzilla.mindrot.org/attachment.cgi?id=199&action=view) Implement password change via /bin/passwd in session. openssh-passexpire10.patch: * Implementes shadow and AIX password expiry. * Adds general expire_message

http://bugzilla.mindrot.org/show_bug.cgi?id=14 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #215 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2003-02-20 20:51 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=463 ------- Additional Comments From dtucker at zip.com.au 2003-05-10 12:59 ------- I've had a look at the OpenBSD source and I don't think OpenBSD *needs* a "Buffer loginmsg" right now. PrintLastLog can be easily fixed by updating s->last_login_time before the privsep split. So, is there another reason OpenBSD needs (or

http://bugzilla.mindrot.org/show_bug.cgi?id=14 ------- Additional Comments From dwd at bell-labs.com 2001-11-10 08:17 ------- Created an attachment (id=5) add suggested patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=14 stevesk at pobox.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|openssh-unix-dev at mindrot.org|stevesk at pobox.com Status|ASSIGNED |NEW ------- Additional Comments From stevesk at pobox.com

http://bugzilla.mindrot.org/show_bug.cgi?id=14 ------- Additional Comments From stevesk at pobox.com 2002-05-12 04:04 ------- i'm not immediately positive if no_port_forwarding_flag=1 is sufficient. need to investigate more. ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

http://bugzilla.mindrot.org/show_bug.cgi?id=14 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | ------- You are receiving this mail because: ------- You are on the CC list for the

Hi All. Attached is a patch which adds AIX native password expiry support to sshd. It will only apply to -current and is a subset of the patch I have been working on in the last few months (see bug #14 [1]). It contains code by Pablo Sor, Mark Pitt and Zdenek Tlusty and fixes for bugs reported by many others (see [2] for a full list). It adds a do_tty_change_password function that execs

This is an attempt to simplify the AIX expiry-via-passwd stuff and make it more generic. (There's actually a net reduction in #ifdefs). Patch against CVS: 1) configure finds passwd. 2) sshd uses passwd during session if required. 3) sshd uses passwd for PAM change if privsep disabled. 4) sshd uses Buffers for expire and post-login messages (no longer AIX specific). 5) password_change_required

Hi All. With one eye on the do_pam_chauthtok() stuff I've merged contributions by Pablo Sor and Mark Pitt into a patch against -current. I'm interested in testers and suggestions for improvements. The patch extends the loginrestrictions test to include expired accounts (but unlike Mark's patch, doesn't log accounts with expired passwords unless they're locked) and adds

http://bugzilla.mindrot.org/show_bug.cgi?id=1053 Summary: The nonquery messages from PAM account aren't forwarded to user (privsep) Product: Portable OpenSSH Version: 4.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support

Hi all, This is a patch against 4.2p1 (compiling for a Linux --- an old, highly customized 7.2 to be specific). When I compiled it from your original source, installed it, and turned on PAM (for passwd aging), I couldn't get the passwd expiration warnings as specified in /etc/shadow to work at all (the message that is supposed to warn you as you're logging in that your passwd will expire

Hi All. I'm pleased to report that as of yesterday, OpenSSH -current now supports forced changes of expired passwords on most platforms, and bug #14 is now closed. Specifically, AIX's native authentication, BSD Authentication and shadow passwords with the expiry field are supported. The password is changed by exec'ing /usr/bin/passwd in the session. Interested parties should

Hi there, I have just compiled up 3.6.1p2 both with and without Darren Tuckers passexpire patch. However, with the patch applied /etc/nologin isn't displayed to users (on AIX 5.1 / PSSP) The patched vesion seems to fail with "illegal user" - some parts of a debug 3 log... debug1: userauth-request for user ade45 service ssh-connection method none debug1: attempt 0 failures 0

Hello! Please consider including the attached patch in the next release. It allows one to drop privilege separation code while building openssh by using '--disable-privsep' switch of configure script. If one doesn't use privilege separation at all, why don't simply allow him to drop privilege separation support completely? -- Sincerely Your, Dan. -------------- next part

Hi All. I've decided to try to merge the -Portable parts of the password expiry patch (see bug #14) that do not depend on the OpenBSD change in bug #463. The attached patch is the first step in this process. It removes the AIX-specific "char *aixloginmsg" and replaces it with a platform-neutral "Buffer loginmsg". I think this is worth having in -Portable even if it