Re: Solaris password requirements not enforced

From: Srinivas Gopaladasu (srinivas_gopaladasu_at_net.com)
Date: 08/02/04

  • Next message: Daniel R. Miessler: "Re: sun ssh/openssh interoperability problem"
    Date: Mon, 02 Aug 2004 14:19:53 -0700
    To: jmonko@phillynews.com
    
    

    I changed the "UseLogin" to yes but it did not help.

    With some investigation and debugging, I was able to figure this out.
    The problem was Soalris does not enforce any restrictions if "passwd" or
    "pam_chauthtok" is called as a root user.

    I changed the real user id of the process to the userId of login, before
    calling "pam_chauthtok" function and it worked.
    My only problem which I think probably be easily fixed is, any messages
    by Solaris are not displayed.
    For ex, it shows as below:

    ssh blade-dcl1 -l guest
    Password:
    New Password:
    Password:
    New Password:
    Re-enter new Password:
    Could not chdir to home directory /home/guest: No such file or directory
    Your password will expire in 1 day.
    No directory! Logging in with home=/
    Last login: Thu Jul 29 12:09:08 from nemo2
    Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
    [WS 6.1 and Orbix 2000 Patch cluster installed Fri Jul 25 13:44:12 PDT
    2003]

    Any idea why the messages from Solaris are suppressed?

    Thanks
    Srini

    John Monko wrote:

    > In the "sshd_config" file (usually in /usr/local/etc for the
    > Freeware version), set the option "UseLogin" to "yes".
    >
    > John
    >
    > Srinivas Gopaladasu wrote:
    >
    >> Hi,
    >>
    >> The Solaris password requirements like
    >> a. no empty password
    >> b. minimum 6 chars
    >> etc for a regualr user are not enforced when a password expired user
    >> is changing password at the SSH login prompt.
    >>
    >> The version of openSSH I am using is 3.8.1 and Solaris 8 is where the
    >> sshd is running.
    >>
    >> Is anybody aware of this problem?
    >> Is there some configuration option I can use to enforce these
    >> password requirements?
    >>
    >> If its a bug, is there a patch already?
    >>
    >> I appreciate any help on this.
    >>
    >> Thanks
    >> Srini
    >>
    >>
    >>
    >>
    >


  • Next message: Daniel R. Miessler: "Re: sun ssh/openssh interoperability problem"

    Relevant Pages

    • Re: Solaris password requirements not enforced
      ... I changed the real user id of the process to the userId of login, ... Any idea why the messages from Solaris are suppressed? ... >> The Solaris password requirements like ... >> Is there some configuration option I can use to enforce these ...
      (SSH)
    • Re: Solaris Pam_krb5.so.1 problem after installing MIT 1.6.3
      ... I am actually using kerberos for authenticating logins through ssh. ... Because I had no DNS entry for this Solaris box I was getting the ... The Samba configure script was bombing ... Since I upgraded Samba and added the DNS entry I can successfully login ...
      (comp.protocols.kerberos)
    • Re: Solaris downloads
      ... its as if you never existed - you have to login all over again. ... Use firefox on Solaris or even Linux to get the images. ... I use OpenOffice instead. ... Because it installs with the rest of Nevada and Solaris 10 u5? ...
      (comp.unix.solaris)
    • RE: Solaris Pam_krb5.so.1 problem after installing MIT 1.6.3
      ... I am actually using kerberos for authenticating logins through ssh. ... This is indicative of DNS issues according to the Solaris Kerberos ... The Samba configure script was bombing ... Since I upgraded Samba and added the DNS entry I can successfully login ...
      (comp.protocols.kerberos)
    • Re: Solaris downloads
      ... its as if you never existed - you have to login all over again. ... Use firefox on Solaris or even Linux to get the images. ... Because it installs with the rest of Nevada and Solaris 10 u5? ... Patch 120186-16.zip is only 273116832 bytes in size. ...
      (comp.unix.solaris)