similar to: [PATCH] Add expired password handling for AIX.

Hi All. Attached is a patch introduces password expiry handling for AIX (other platforms to follow). It is more or less the same as the previous patch but has been updated to reflect recent changes to auth-passwd.c I'm wondering if the AIX parts of auth.c should be moved to port-aix.c and if the generic password change functions (currently at the end of auth-passwd.c) belong in a separate

This is an attempt to simplify the AIX expiry-via-passwd stuff and make it more generic. (There's actually a net reduction in #ifdefs). Patch against CVS: 1) configure finds passwd. 2) sshd uses passwd during session if required. 3) sshd uses passwd for PAM change if privsep disabled. 4) sshd uses Buffers for expire and post-login messages (no longer AIX specific). 5) password_change_required

Under AIX there are three security settings: expires = a fixed date at which an account is no longer valid maxage= weeks before a password expires maxexpires=max weeks during which a password can be changed by a user after expiration AFTER WHICH ACCESS IS NOT ALLOWED Beauty of maxage with expires is, that no manual intervention is required to block inactive users. With maxage=5 and expires=1 an

Hi All. With one eye on the do_pam_chauthtok() stuff I've merged contributions by Pablo Sor and Mark Pitt into a patch against -current. I'm interested in testers and suggestions for improvements. The patch extends the loginrestrictions test to include expired accounts (but unlike Mark's patch, doesn't log accounts with expired passwords unless they're locked) and adds

Hi, I have made a patch for AIX to report the number of days till a password expire and to prompt for a new one. This patch was made for openssh-SNAP-20010904.tar.gz (2.9p2) of the CVS repository. If you have any suggestion or question to submit, please cc to me, I'm not in the list. Bye -- Pablo Sor Departamento de Seguridad Informatica - AFIP psor at afip.gov.ar, psor at ccc.uba.ar

Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

Dear R useRs, i try to compute the posterior mean for the parameters omega and beta for the following posterior density. I have simulated data where i know that the true values of omega=12 and beta=0.01. With the function postMeanOmega and postMeanBeta i wanted to compute the mean values of omega and beta by numerical integration, but instead of omega=12 and beta=0.01 i get omega=11.49574 and

Hello, I have an intermittent authentication error between a Windows 2003 Server and AIX 6.1 TL4 Samba 2.2.7. I have the Samba server passing auth details to an active directory server. The account exists on AIX but is locked and there is no smbpasswd entry (this is how I setup all my samba shares). On the Windows server a mapping has been created to mount this path on restart. In most cases

http://bugzilla.mindrot.org/show_bug.cgi?id=869 Summary: Password expiration does not work for LDAP users Product: Portable OpenSSH Version: -current Platform: PPC OS/Version: AIX Status: NEW Severity: critical Priority: P2 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org

Sorry to repost, but I finally have the code on a machine that has diff -u, and I've updated it for 2.9p2. Attached is the unified diff to add logging of SFTP activity to auth.info. If there is a more proper way to contrib patches, please let me know. Cheers, Jason # "Jason A. Dour" <jason at dour.org> http://dour.org/ # Founder / Executive Producer - PJ

Hi, I was doing some research on why new openssh-versions (3.4 and 3.5p1) doesnt ask you to change expired passwords (it just disconnects you) and found something curious. Line 259 of auth-pam.c has "#if 0" and then the code to set some vars (eg. password_change_required to true) followed by an "endif". Why is that? I'm not a C expert, but I think "if 0" is

All, I am having a winbind module load error on aix 7.1 trying to load winbind module for 3.6.0. methods.cfg WINBIND: program_64 = /usr/lib/security/WINBIND_64 (have tried authonly here) NIS: program = /usr/lib/security/NIS program_64 = /usr/lib/security/NIS_64 DCE: program = /usr/lib/security/DCE [root] on [barrow] on [/rehash/samba-3.6.0] {932}

The patch does not include a method to modify the config.h file with the define PASSWD_PROGRAM_PATH "/path/to/passwd" entry. Once I manually added the line, the make worked properly.

This is another take on logging for sftp-server. Given the number of private email requests I've received for this patch, I assume there is signifigant enough interest to request it be reviewed for inclusion into the release. The patch is against 3.1p1, and is completely disabled by default. To enable logging, one must use compile time directives (-DSFTP_LOGGING). This was done due to prior

All, I am having a winbind module load error on aix 7.1 trying to load winbind module for 3.6.0. methods.cfg WINBIND: program_64 = /usr/lib/security/WINBIND_64 (have tried authonly here) NIS: program = /usr/lib/security/NIS program_64 = /usr/lib/security/NIS_64 DCE: program = /usr/lib/security/DCE [root] on [barrow] on [/rehash/samba-3.6.0] {932}

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",

Hi All, We're implementing a fully integrated Samba setup with the Active directory on IBM AIX. From AIX level we have established the single sign on against Windows AD 2012R2. Currently the following user accounts and groups exists on the AD domain. # cat /etc/samba/smb.conf [global] security = ADS workgroup = PAPERCLIP realm = PAPERCLIP.SC.NZ

Hi All. While working on something I noticed core dumps from sshd. They don't seem to be related to what I was working on. It's from the process forked to run the shell. Just after the fork, fatal_remove_all_cleanups() is called, which looks like: fatal_remove_all_cleanups(void) { struct fatal_cleanup *cu, *next_cu; for (cu = fatal_cleanups; cu; cu = next_cu) {

All, I am having a winbind module load error on aix 7.1 trying to load winbind module for 3.6.0. methods.cfg WINBIND: program_64 = /usr/lib/security/WINBIND_64 (have tried authonly here) NIS: program = /usr/lib/security/NIS program_64 = /usr/lib/security/NIS_64 DCE: program = /usr/lib/security/DCE [root] on [barrow] on [/rehash/samba-3.6.0] {932}