Date: Tue, 18 Mar 2003 14:20:11 -0800 (PST)
From: Julian Elischer
To: Dag-Erling Smørgrav
Cc: re@freebsd.org, hackers@freebsd.org
Subject: Re: rumour of password aging failure in 4.7/4.8RC

On Tue, 18 Mar 2003, Dag-Erling Smørgrav wrote:

> Julian Elischer writes:
> > I've received a few reports from the field that password aging
> > with ssh in 4.7 and 4.8RC is broken.
>
> Recent versions of OpenSSH do not support prompting the user for a new
> password. I haven't tested it, but I think users with expired
> passwords will simply be locked out.
>
> > Is there anyone out there that is using password expiry
> > and ssh? Who's the expert?
>
> In the FreeBSD community, that would be me.
>
> > How does PAM come into this?
>
> It doesn't, really. It's a privsep problem + the fact that some of
> the pertinent code has been disabled and / or left unimplemented
> because it wouldn't work with privsep (so turning privsep off won't
> help).

So, the fix would be to go back to an old version of ssh?

There are patches in the OpenSSH mailing lists to make this work
for AIX (bug '14' if that helps). I can't work out what they do, however.

>
> DES
> --
> Dag-Erling Smørgrav - des@ofug.org
>