Re: OpenSSH Password Aging/Expiration on UW2.1.3

From: Bob Fontana (bfontana@codebench.NOSPAM.com)
Date: 10/29/02


From: "Bob Fontana" <bfontana@codebench.NOSPAM.com>
Date: 29 Oct 2002 10:14:12 -0600


On further review, the patch that Darren pointed to DOES work on UW 2.1.3.
 Try using gcc compiler.

I tested with Van Dyke Secure CRT 3.4. I get a popup that tells the user
they must change their password now. It prompts for the old password, new
password, and new password confirmation.

Using the newly rebuilt ssh client, the sequence starts out normally, however,
after the old password is submitted, a message is displayed, "You must change
your password now."

Then, the user is prompted for the old password again, followed by two new
password prompts.

I haven't regression tested all of the other SSH functionality, but at first
glance, this patch appears to do what is needed for UW 2.1.3.

-Bob

"Ed Melendez" <emelendez@easylink.com> wrote:
>Beata-
>
>Thank you for responding, but I'm afraid we are trying to discuss two
>different beast. I'm sure your resolution would be helpful, but I am having
>difficulties with UnixWare and not Solaris. As a matter-of-fact, my
>solaris2.6 installion works great after I tweaked the source code. If you
>are still experinceing difficulties I can surely give you a hand. Solaris
>2.8 is acting funny right now, but I think I can get that resolved...
>hopefully. If you have any info concerning UW2.1.3, I am all ears.
>
>Thanks Again,
>-Ed
>
>
>"Beata Jones" <beata@equinetsys.com> wrote in message
>news:3DBB1F87.6E4B2489@equinetsys.com...
>> Hi Ed,
>> Look at the thread 'OpenSSH (on Solaris) and forced password change'
- I
>asked
>> essantially the same question, to which Darren Tucker replied with a link
>to a
>> discussion site where someone has documented the problem: locking out
>users with
>> expired passwords is a bug in OpenSSH which started with version 3.4 and
>> apparently continues on (I'm running 3.5 on solaris and have run into
the
>same
>> thing). Supposedly version 3.1p1 works fine, but I haven't tested it yet
-
>> finding an obsolete version of OpenSSH will probably be no picnic, either.
>Good
>> luck!
>>
>> Beata
>>
>> Ed Melendez wrote:
>>
>> > Hello All-
>> >
>> > I have been trying to have OpenSSH support password aging/expiration
for
>> > several weeks now, with no luck. I am compiling OpenSSH v3.4p1 and
>v3.5p1
>> > from source code (www.openssh.org) onto UnixWare 2.1.3. I was able
to
>get
>> > this functionality in Solaris using PAM support (and a slight
>modification
>> > of the source code), but uw does not have support for PAM... I have
even
>> > tried to use OpenPAM, but that was another mess. I have recently
>compiled
>> > OpenSSH with md5 support, but that had no positive effect either.
>> >
>> > Example:
>> > I have a user named bob.
>> > I set his account (bob) to require a new password at the next login
>> > (passwd -f bob)
>> > When user bob attempts to login, he receives an authenication failure
>and is
>> > not allowed access.
>> >
>> > Below is the output when I run sshd in debuging mode (sshd -ddd):
>> >
>> > debug1: userauth-request for user bob service ssh-connection method
none
>> > debug1: attempt 0 failures 0
>> > debug3: allowed_user: today 11978 sp_expire -1 sp_lstchg 0 sp_max 168
>> > User bob password has expired (root forced)
>> > input_userauth_request: illegal user bob
>> > debug2: input_userauth_request: try method none
>> > Failed none for illegal user bob from <ip address> port 1570 ssh2
>> > debug1: userauth-request for user bob service ssh-connection method
>password
>> > debug1: attempt 1 failures 1
>> > debug2: input_userauth_request: try method password
>> > Failed password for illegal user bob from <ip address> port 1570 ssh2
>> >
>> > Has anyone been able to set-up password ageing/expiration on
>UnixWare2.1.3?
>> >
>> > Thanks In Advance,
>> > -Ed
>>
>> --
>> ***************************
>> Beata Jones
>> Sr. UNIX Systems Consultant
>> Equinet Systems Inc.
>> beata@equinetsys.com
>> bus: 703.779.9346
>> cell: 703.727.1750
>> home: 540.338.9632
>>
>>
>
>

-----------== Posted via Newsfeed.Com - Uncensored Usenet News ==----------
   http://www.newsfeed.com The #1 Newsgroup Service in the World!
-----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers =-----



Relevant Pages