Re: OpenSSH Password Aging/Expiration on UW2.1.3

From: 209.189.89.243 (bfontana@nospam.com)
Date: 10/28/02 

From: "209.189.89.243" <bfontana@nospam.com>
Date: Mon, 28 Oct 2002 17:44:51 -0500

I have UW2.1.3 running openssh-3.5p1. I noticed the same problem. I just
tried the patch that Darren referred. Yes, the code builds, but the
behavior is the same - the user is not prompted to change the password.

-Bob

"Ed Melendez" <emelendez@easylink.com> wrote in message
news:0Xiv9.116$9C2.35001@dca1-nnrp1.news.algx.net...
> Beata-
>
> Thank you for responding, but I'm afraid we are trying to discuss two
> different beast. I'm sure your resolution would be helpful, but I am
having
> difficulties with UnixWare and not Solaris. As a matter-of-fact, my
> solaris2.6 installion works great after I tweaked the source code. If you
> are still experinceing difficulties I can surely give you a hand. Solaris
> 2.8 is acting funny right now, but I think I can get that resolved...
> hopefully. If you have any info concerning UW2.1.3, I am all ears.
>
> Thanks Again,
> -Ed
>
>
> "Beata Jones" <beata@equinetsys.com> wrote in message
> news:3DBB1F87.6E4B2489@equinetsys.com...
> > Hi Ed,
> > Look at the thread 'OpenSSH (on Solaris) and forced password change' -
I
> asked
> > essantially the same question, to which Darren Tucker replied with a
link
> to a
> > discussion site where someone has documented the problem: locking out
> users with
> > expired passwords is a bug in OpenSSH which started with version 3.4 and
> > apparently continues on (I'm running 3.5 on solaris and have run into
the
> same
> > thing). Supposedly version 3.1p1 works fine, but I haven't tested it
yet -
> > finding an obsolete version of OpenSSH will probably be no picnic,
either.
> Good
> > luck!
> >
> > Beata
> >
> > Ed Melendez wrote:
> >
> > > Hello All-
> > >
> > > I have been trying to have OpenSSH support password aging/expiration
for
> > > several weeks now, with no luck. I am compiling OpenSSH v3.4p1 and
> v3.5p1
> > > from source code (www.openssh.org) onto UnixWare 2.1.3. I was able to
> get
> > > this functionality in Solaris using PAM support (and a slight
> modification
> > > of the source code), but uw does not have support for PAM... I have
even
> > > tried to use OpenPAM, but that was another mess. I have recently
> compiled
> > > OpenSSH with md5 support, but that had no positive effect either.
> > >
> > > Example:
> > > I have a user named bob.
> > > I set his account (bob) to require a new password at the next login
> > > (passwd -f bob)
> > > When user bob attempts to login, he receives an authenication failure
> and is
> > > not allowed access.
> > >
> > > Below is the output when I run sshd in debuging mode (sshd -ddd):
> > >
> > > debug1: userauth-request for user bob service ssh-connection method
none
> > > debug1: attempt 0 failures 0
> > > debug3: allowed_user: today 11978 sp_expire -1 sp_lstchg 0 sp_max 168
> > > User bob password has expired (root forced)
> > > input_userauth_request: illegal user bob
> > > debug2: input_userauth_request: try method none
> > > Failed none for illegal user bob from <ip address> port 1570 ssh2
> > > debug1: userauth-request for user bob service ssh-connection method
> password
> > > debug1: attempt 1 failures 1
> > > debug2: input_userauth_request: try method password
> > > Failed password for illegal user bob from <ip address> port 1570 ssh2
> > >
> > > Has anyone been able to set-up password ageing/expiration on
> UnixWare2.1.3?
> > >
> > > Thanks In Advance,
> > > -Ed
> >
> > --
> > ***************************
> > Beata Jones
> > Sr. UNIX Systems Consultant
> > Equinet Systems Inc.
> > beata@equinetsys.com
> > bus: 703.779.9346
> > cell: 703.727.1750
> > home: 540.338.9632
> >
> >
>
>