Re: Solaris password requirements not enforced

From: Srinivas Gopaladasu (srinivas_gopaladasu_at_net.com)
Date: 08/02/04

  • Next message: Daniel R. Miessler: "Re: sun ssh/openssh interoperability problem"
    Date: Mon, 02 Aug 2004 14:19:53 -0700
    To: jmonko@phillynews.com
    
    

    I changed the "UseLogin" to yes but it did not help.

    With some investigation and debugging, I was able to figure this out.
    The problem was Soalris does not enforce any restrictions if "passwd" or
    "pam_chauthtok" is called as a root user.

    I changed the real user id of the process to the userId of login, before
    calling "pam_chauthtok" function and it worked.
    My only problem which I think probably be easily fixed is, any messages
    by Solaris are not displayed.
    For ex, it shows as below:

    ssh blade-dcl1 -l guest
    Password:
    New Password:
    Password:
    New Password:
    Re-enter new Password:
    Could not chdir to home directory /home/guest: No such file or directory
    Your password will expire in 1 day.
    No directory! Logging in with home=/
    Last login: Thu Jul 29 12:09:08 from nemo2
    Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
    [WS 6.1 and Orbix 2000 Patch cluster installed Fri Jul 25 13:44:12 PDT
    2003]

    Any idea why the messages from Solaris are suppressed?

    Thanks
    Srini

    John Monko wrote:

    > In the "sshd_config" file (usually in /usr/local/etc for the
    > Freeware version), set the option "UseLogin" to "yes".
    >
    > John
    >
    > Srinivas Gopaladasu wrote:
    >
    >> Hi,
    >>
    >> The Solaris password requirements like
    >> a. no empty password
    >> b. minimum 6 chars
    >> etc for a regualr user are not enforced when a password expired user
    >> is changing password at the SSH login prompt.
    >>
    >> The version of openSSH I am using is 3.8.1 and Solaris 8 is where the
    >> sshd is running.
    >>
    >> Is anybody aware of this problem?
    >> Is there some configuration option I can use to enforce these
    >> password requirements?
    >>
    >> If its a bug, is there a patch already?
    >>
    >> I appreciate any help on this.
    >>
    >> Thanks
    >> Srini
    >>
    >>
    >>
    >>
    >


  • Next message: Daniel R. Miessler: "Re: sun ssh/openssh interoperability problem"