Date: Thu, 12 Aug 1999 03:59:30 -0700 (PDT) From: Bigby Findrake <bigby@shiva.eu.org> To: Joe Gleason <clash@tasam.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: making sshd2 check user expiration dates Message-ID: <Pine.BSF.4.05.9908120359030.5932-100000@shiva.eu.org> In-Reply-To: <007701bee491$7c14a070$0286860a@tasam.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 12 Aug 1999, Joe Gleason wrote: > I'm not sure if security is the right list, but this has to do with allowing > or denying access to a system based on expiration date, which I consider > relevant to security. > > Does anyone know how to make sshd2 check user expiration dates? > > I did a quick test, and telnet, pop3, ftpd and sshd1 all do NOT allow a user > with an expired account to login. > sshd2 however does. > > By expired I mean field 7 in master.passwd file having a number that is > between 0 and the current time in seconds exclusive. > > I am running FreeBSD 3.2-stable (a few days old) > > I installed ssh via installing /usr/ports/security/ssh and then > /usr/ports/security/ssh2 (that way I have all the ssh1 stuff for > compatibility). I haven't touched the config's much, if at all. I looked > through the man page and config files real quick and didn't see anything > about user expiration dates. It is 3am, so I could have easily missed > something. Anyone with any ideas of experience with this, any help would be > appreicated. I would really prefer not to have to hack something odd > togather to support expiration dates. This is a shot in the dark but I would suggest playing with the "UseLogin" parameter in the /etc/sshd_config file. /-------------------------------------------------------------------------/ Experience is something you don't get until just after you need it. finger bigby@shiva.eu.org for my pgpkey e-mail bigby@pager.shiva.eu.org to page me /-------------------------------------------------------------------------/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9908120359030.5932-100000>