Date: Tue, 18 Mar 2003 14:20:11 -0800 (PST) From: Julian Elischer <julian@elischer.org> To: Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?= <des@ofug.org> Cc: re@freebsd.org, hackers@freebsd.org Subject: Re: rumour of password aging failure in 4.7/4.8RC Message-ID: <Pine.BSF.4.21.0303181417590.35378-100000@InterJet.elischer.org> In-Reply-To: <xzp3clk2ulz.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 18 Mar 2003, Dag-Erling [iso-8859-1] Sm=F8rgrav wrote: > Julian Elischer <julian@elischer.org> writes: > > I've received a few reports from teh field that password aging > > with ssh in 4.7 and 4.8RC is broken. >=20 > Recent versions of OpenSSH do not support prompting the user for a new > password. I haven't tested it, but I think users with expired > passwords will simply be locked out. >=20 > > Is there anyone out there that is using passwork expiry=20 > > and ssh? Who's the expert? >=20 > In the FreeBSD community, that would be me. >=20 > > How does PAM come into this? >=20 > It doesn't, really. It's a privsep problem + the fact that some of > the pertinent code has been disabled and / or left unimplemented > because it wouldn't work with privsep (so turning privsep off won't > help). So, the fix would be to go back to an old version of ssh? there are patches in the OpenSSH mailing lists to make this work for AIX. (bug '14' if that helps). I can't work out what they do however. >=20 > DES > --=20 > Dag-Erling Sm=F8rgrav - des@ofug.org >=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0303181417590.35378-100000>