Re: OpenSSH Password Aging/Expiration on UW2.1.3
From: Bob Fontana (bfontana@codebench.NOSPAM.com)Date: 10/29/02
- Previous message: Pierre Asselin: "Re: SSH 2 and Putty"
- In reply to: Ed Melendez: "Re: OpenSSH Password Aging/Expiration on UW2.1.3"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Bob Fontana" <bfontana@codebench.NOSPAM.com> Date: Tue, 29 Oct 2002 17:19:59 -0500
Ed,
Yes, I used the GNU patch.
1. Rename the openssh-3.5p1 build directlry to openssh-3.5p1.orig
mv openssh-3.5p1 openssh-3.5p1.orig
2. Make a new directory for the patch:
mkdir openssh-3.5p1-passexpire
3. Make a copy of openssh-3.5p1.orig into
cd openssh-3.5p1.orig
find . -print | cpio -pdvdum ../openssh-3.5p1-passexpire
4. Edit the patch file, openssh-3.5p1-passexpire7.patch and remove the lines
containing "diff -ru" and save the file as
../openssh-3.5p1-passexpire/p1.patch (in the new build directory)
5. Changed to the new build directory and apply the patch:
cd ../openssh-3.5p1-passexpire
/usr/local/bin/patch < p1.patch
6. Configure, build, install:
./configure
make
make install
My config.log:
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by configure, which was
generated by GNU Autoconf 2.53. Invocation command line was
$ ./configure --with-ssl-dir=/usr/local/ssl
## --------- ##
## Platform. ##
## --------- ##
hostname = pp155a.codebench.com
uname -m = i386
uname -r = 4.2MP
uname -s = UNIX_SV
uname -v = 2.1.3
/usr/bin/uname -p = x86at
/bin/uname -X =
System = UNIX_Sys
Node = unix
Release = 4.2MP
KernelID = 98/04/27
Machine = i386at
BusType = ISA
Serial =
Users =
OEM# = 0
Origin# = 1
NumCPU = 1
/bin/arch = unknown
/usr/bin/arch -k = unknown
/usr/convex/getsysinfo = unknown
hostinfo = unknown
/bin/machine = unknown
/usr/bin/oslevel = unknown
/bin/universe = unknown
PATH: /usr/sbin
PATH: /bin
PATH: /sbin
PATH: /usr/local/bin
"Ed Melendez" <emelendez@easylink.com> wrote in message
news:CWCv9.63$tI3.15577@dca1-nnrp1.news.algx.net...
> Bob-
>
> How actually did you build with the patch. Are you using the standard
patch
> command or the gnu version? What is the command syntax you used? I am
> compiling on a fresh install and am having difficulties applying the
patch.
>
> Thanks,
> -Ed
>
> "Bob Fontana" <bfontana@codebench.NOSPAM.com> wrote in message
> news:3dbeb3d4@news.newsgroups.com...
> >
> > On further review, the patch that Darren pointed to DOES work on UW
2.1.3.
> > Try using gcc compiler.
> >
> > I tested with Van Dyke Secure CRT 3.4. I get a popup that tells the
user
> > they must change their password now. It prompts for the old password,
new
> > password, and new password confirmation.
> >
> > Using the newly rebuilt ssh client, the sequence starts out normally,
> however,
> > after the old password is submitted, a message is displayed, "You must
> change
> > your password now."
> >
> > Then, the user is prompted for the old password again, followed by two
new
> > password prompts.
> >
> > I haven't regression tested all of the other SSH functionality, but at
> first
> > glance, this patch appears to do what is needed for UW 2.1.3.
> >
> > -Bob
> >
> > "Ed Melendez" <emelendez@easylink.com> wrote:
> > >Beata-
> > >
> > >Thank you for responding, but I'm afraid we are trying to discuss two
> > >different beast. I'm sure your resolution would be helpful, but I am
> having
> > >difficulties with UnixWare and not Solaris. As a matter-of-fact, my
> > >solaris2.6 installion works great after I tweaked the source code. If
> you
> > >are still experinceing difficulties I can surely give you a hand.
> Solaris
> > >2.8 is acting funny right now, but I think I can get that resolved...
> > >hopefully. If you have any info concerning UW2.1.3, I am all ears.
> > >
> > >Thanks Again,
> > >-Ed
> > >
> > >
> > >"Beata Jones" <beata@equinetsys.com> wrote in message
> > >news:3DBB1F87.6E4B2489@equinetsys.com...
> > >> Hi Ed,
> > >> Look at the thread 'OpenSSH (on Solaris) and forced password change'
> > - I
> > >asked
> > >> essantially the same question, to which Darren Tucker replied with a
> link
> > >to a
> > >> discussion site where someone has documented the problem: locking out
> > >users with
> > >> expired passwords is a bug in OpenSSH which started with version 3.4
> and
> > >> apparently continues on (I'm running 3.5 on solaris and have run into
> > the
> > >same
> > >> thing). Supposedly version 3.1p1 works fine, but I haven't tested it
> yet
> > -
> > >> finding an obsolete version of OpenSSH will probably be no picnic,
> either.
> > >Good
> > >> luck!
> > >>
> > >> Beata
> > >>
> > >> Ed Melendez wrote:
> > >>
> > >> > Hello All-
> > >> >
> > >> > I have been trying to have OpenSSH support password
aging/expiration
> > for
> > >> > several weeks now, with no luck. I am compiling OpenSSH v3.4p1 and
> > >v3.5p1
> > >> > from source code (www.openssh.org) onto UnixWare 2.1.3. I was able
> > to
> > >get
> > >> > this functionality in Solaris using PAM support (and a slight
> > >modification
> > >> > of the source code), but uw does not have support for PAM... I have
> > even
> > >> > tried to use OpenPAM, but that was another mess. I have recently
> > >compiled
> > >> > OpenSSH with md5 support, but that had no positive effect either.
> > >> >
> > >> > Example:
> > >> > I have a user named bob.
> > >> > I set his account (bob) to require a new password at the next login
> > >> > (passwd -f bob)
> > >> > When user bob attempts to login, he receives an authenication
failure
> > >and is
> > >> > not allowed access.
> > >> >
> > >> > Below is the output when I run sshd in debuging mode (sshd -ddd):
> > >> >
> > >> > debug1: userauth-request for user bob service ssh-connection method
> > none
> > >> > debug1: attempt 0 failures 0
> > >> > debug3: allowed_user: today 11978 sp_expire -1 sp_lstchg 0 sp_max
168
> > >> > User bob password has expired (root forced)
> > >> > input_userauth_request: illegal user bob
> > >> > debug2: input_userauth_request: try method none
> > >> > Failed none for illegal user bob from <ip address> port 1570 ssh2
> > >> > debug1: userauth-request for user bob service ssh-connection method
> > >password
> > >> > debug1: attempt 1 failures 1
> > >> > debug2: input_userauth_request: try method password
> > >> > Failed password for illegal user bob from <ip address> port 1570
ssh2
> > >> >
> > >> > Has anyone been able to set-up password ageing/expiration on
> > >UnixWare2.1.3?
> > >> >
> > >> > Thanks In Advance,
> > >> > -Ed
> > >>
> > >> --
> > >> ***************************
> > >> Beata Jones
> > >> Sr. UNIX Systems Consultant
> > >> Equinet Systems Inc.
> > >> beata@equinetsys.com
> > >> bus: 703.779.9346
> > >> cell: 703.727.1750
> > >> home: 540.338.9632
> > >>
> > >>
> > >
> > >
> >
> >
> >
> > -----------== Posted via Newsfeed.Com - Uncensored Usenet News
> ==----------
> > http://www.newsfeed.com The #1 Newsgroup Service in the World!
> > -----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers
> =-----
>
>
-----------== Posted via Newsfeed.Com - Uncensored Usenet News ==----------
http://www.newsfeed.com The #1 Newsgroup Service in the World!
-----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers =-----
- Next message: Darren Tucker: "Re: OpenSSH Password Aging/Expiration on UW2.1.3"
- Previous message: Pierre Asselin: "Re: SSH 2 and Putty"
- In reply to: Ed Melendez: "Re: OpenSSH Password Aging/Expiration on UW2.1.3"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
