Date: Thu, 12 Aug 1999 14:08:43 -0400 From: "Joe Gleason" <clash@tasam.com> To: "Bigby Findrake" <bigby@shiva.eu.org> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: making sshd2 check user expiration dates Message-ID: <009101bee4ed$f01395b0$0286860a@tasam.com> References: <Pine.BSF.4.05.9908120359030.5932-100000@shiva.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, 12 Aug 1999, Joe Gleason wrote: > > > I'm not sure if security is the right list, but this has to do with allowing > > or denying access to a system based on expiration date, which I consider > > relevant to security. > > > > Does anyone know how to make sshd2 check user expiration dates? > > > > I did a quick test, and telnet, pop3, ftpd and sshd1 all do NOT allow a user > > with an expired account to login. > > sshd2 however does. > > > > By expired I mean field 7 in master.passwd file having a number that is > > between 0 and the current time in seconds exclusive. > > > > I am running FreeBSD 3.2-stable (a few days old) > > > > I installed ssh via installing /usr/ports/security/ssh and then > > /usr/ports/security/ssh2 (that way I have all the ssh1 stuff for > > compatibility). I haven't touched the config's much, if at all. I looked > > through the man page and config files real quick and didn't see anything > > about user expiration dates. It is 3am, so I could have easily missed > > something. Anyone with any ideas of experience with this, any help would be > > appreicated. I would really prefer not to have to hack something odd > > togather to support expiration dates. > > This is a shot in the dark but I would suggest playing with the "UseLogin" > parameter in the /etc/sshd_config file. > My sshd_config is in /usr/local/etc, but that is unimportant. I'm pretty sure sshd_config is for sshd1 only. sshd2 has it's own config: /usr/local/etc/ssh2/sshd2_config In my tests, sshd1 works fine, even with the UseLogin option off. sshd2_config doesn't mention anything like that. If I remember correct from expermination I did back in the 2.2.x days, UseLogin for sshd1 was required only to get login class restrictions to work. I could be mistaken about that. Joe Gleason Tasam To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009101bee4ed$f01395b0$0286860a>