Re: OpenSSH Password Aging/Expiration on UW2.1.3

From: Ed Melendez (emelendez@easylink.com)
Date: 10/31/02 

From: "Ed Melendez" <emelendez@easylink.com>
Date: Thu, 31 Oct 2002 00:32:05 GMT

Bob / Darren-

Thank you so much for providing me with such great assistance. The patch
works great on my UW 2.1.3 box. I have to use it on Solaris 8, and I'm sure
I wont have any problems.

-Ed

"Bob Fontana" <bfontana@codebench.NOSPAM.com> wrote in message
news:3dbf09cd$1_3@news.newsgroups.com...
> Ed,
>
> Yes, I used the GNU patch.
>
> 1. Rename the openssh-3.5p1 build directlry to openssh-3.5p1.orig
> mv openssh-3.5p1 openssh-3.5p1.orig
>
> 2. Make a new directory for the patch:
> mkdir openssh-3.5p1-passexpire
>
> 3. Make a copy of openssh-3.5p1.orig into
> cd openssh-3.5p1.orig
> find . -print | cpio -pdvdum ../openssh-3.5p1-passexpire
>
> 4. Edit the patch file, openssh-3.5p1-passexpire7.patch and remove the
lines
> containing "diff -ru" and save the file as
> ../openssh-3.5p1-passexpire/p1.patch (in the new build directory)
>
> 5. Changed to the new build directory and apply the patch:
>
> cd ../openssh-3.5p1-passexpire
> /usr/local/bin/patch < p1.patch
>
> 6. Configure, build, install:
>
> ./configure
> make
> make install
>
> My config.log:
>
> This file contains any messages produced by compilers while
> running configure, to aid debugging if configure makes a mistake.
>
> It was created by configure, which was
> generated by GNU Autoconf 2.53. Invocation command line was
>
> $ ./configure --with-ssl-dir=/usr/local/ssl
>
> ## --------- ##
> ## Platform. ##
> ## --------- ##
>
> hostname = pp155a.codebench.com
> uname -m = i386
> uname -r = 4.2MP
> uname -s = UNIX_SV
> uname -v = 2.1.3
>
> /usr/bin/uname -p = x86at
> /bin/uname -X =
> System = UNIX_Sys
> Node = unix
> Release = 4.2MP
> KernelID = 98/04/27
> Machine = i386at
> BusType = ISA
> Serial =
> Users =
> OEM# = 0
> Origin# = 1
> NumCPU = 1
>
> /bin/arch = unknown
> /usr/bin/arch -k = unknown
> /usr/convex/getsysinfo = unknown
> hostinfo = unknown
> /bin/machine = unknown
> /usr/bin/oslevel = unknown
> /bin/universe = unknown
>
> PATH: /usr/sbin
> PATH: /bin
> PATH: /sbin
> PATH: /usr/local/bin
>
>
>
> "Ed Melendez" <emelendez@easylink.com> wrote in message
> news:CWCv9.63$tI3.15577@dca1-nnrp1.news.algx.net...
> > Bob-
> >
> > How actually did you build with the patch. Are you using the standard
> patch
> > command or the gnu version? What is the command syntax you used? I am
> > compiling on a fresh install and am having difficulties applying the
> patch.
> >
> > Thanks,
> > -Ed
> >
> > "Bob Fontana" <bfontana@codebench.NOSPAM.com> wrote in message
> > news:3dbeb3d4@news.newsgroups.com...
> > >
> > > On further review, the patch that Darren pointed to DOES work on UW
> 2.1.3.
> > > Try using gcc compiler.
> > >
> > > I tested with Van Dyke Secure CRT 3.4. I get a popup that tells the
> user
> > > they must change their password now. It prompts for the old password,
> new
> > > password, and new password confirmation.
> > >
> > > Using the newly rebuilt ssh client, the sequence starts out normally,
> > however,
> > > after the old password is submitted, a message is displayed, "You must
> > change
> > > your password now."
> > >
> > > Then, the user is prompted for the old password again, followed by two
> new
> > > password prompts.
> > >
> > > I haven't regression tested all of the other SSH functionality, but at
> > first
> > > glance, this patch appears to do what is needed for UW 2.1.3.
> > >
> > > -Bob
> > >
> > > "Ed Melendez" <emelendez@easylink.com> wrote:
> > > >Beata-
> > > >
> > > >Thank you for responding, but I'm afraid we are trying to discuss two
> > > >different beast. I'm sure your resolution would be helpful, but I am
> > having
> > > >difficulties with UnixWare and not Solaris. As a matter-of-fact, my
> > > >solaris2.6 installion works great after I tweaked the source code.
If
> > you
> > > >are still experinceing difficulties I can surely give you a hand.
> > Solaris
> > > >2.8 is acting funny right now, but I think I can get that resolved...
> > > >hopefully. If you have any info concerning UW2.1.3, I am all ears.
> > > >
> > > >Thanks Again,
> > > >-Ed
> > > >
> > > >
> > > >"Beata Jones" <beata@equinetsys.com> wrote in message
> > > >news:3DBB1F87.6E4B2489@equinetsys.com...
> > > >> Hi Ed,
> > > >> Look at the thread 'OpenSSH (on Solaris) and forced password
change'
> > > - I
> > > >asked
> > > >> essantially the same question, to which Darren Tucker replied with
a
> > link
> > > >to a
> > > >> discussion site where someone has documented the problem: locking
out
> > > >users with
> > > >> expired passwords is a bug in OpenSSH which started with version
3.4
> > and
> > > >> apparently continues on (I'm running 3.5 on solaris and have run
into
> > > the
> > > >same
> > > >> thing). Supposedly version 3.1p1 works fine, but I haven't tested
it
> > yet
> > > -
> > > >> finding an obsolete version of OpenSSH will probably be no picnic,
> > either.
> > > >Good
> > > >> luck!
> > > >>
> > > >> Beata
> > > >>
> > > >> Ed Melendez wrote:
> > > >>
> > > >> > Hello All-
> > > >> >
> > > >> > I have been trying to have OpenSSH support password
> aging/expiration
> > > for
> > > >> > several weeks now, with no luck. I am compiling OpenSSH v3.4p1
and
> > > >v3.5p1
> > > >> > from source code (www.openssh.org) onto UnixWare 2.1.3. I was
able
> > > to
> > > >get
> > > >> > this functionality in Solaris using PAM support (and a slight
> > > >modification
> > > >> > of the source code), but uw does not have support for PAM... I
have
> > > even
> > > >> > tried to use OpenPAM, but that was another mess. I have recently
> > > >compiled
> > > >> > OpenSSH with md5 support, but that had no positive effect either.
> > > >> >
> > > >> > Example:
> > > >> > I have a user named bob.
> > > >> > I set his account (bob) to require a new password at the next
login
> > > >> > (passwd -f bob)
> > > >> > When user bob attempts to login, he receives an authenication
> failure
> > > >and is
> > > >> > not allowed access.
> > > >> >
> > > >> > Below is the output when I run sshd in debuging mode (sshd -ddd):
> > > >> >
> > > >> > debug1: userauth-request for user bob service ssh-connection
method
> > > none
> > > >> > debug1: attempt 0 failures 0
> > > >> > debug3: allowed_user: today 11978 sp_expire -1 sp_lstchg 0 sp_max
> 168
> > > >> > User bob password has expired (root forced)
> > > >> > input_userauth_request: illegal user bob
> > > >> > debug2: input_userauth_request: try method none
> > > >> > Failed none for illegal user bob from <ip address> port 1570 ssh2
> > > >> > debug1: userauth-request for user bob service ssh-connection
method
> > > >password
> > > >> > debug1: attempt 1 failures 1
> > > >> > debug2: input_userauth_request: try method password
> > > >> > Failed password for illegal user bob from <ip address> port 1570
> ssh2
> > > >> >
> > > >> > Has anyone been able to set-up password ageing/expiration on
> > > >UnixWare2.1.3?
> > > >> >
> > > >> > Thanks In Advance,
> > > >> > -Ed
> > > >>
> > > >> --
> > > >> ***************************
> > > >> Beata Jones
> > > >> Sr. UNIX Systems Consultant
> > > >> Equinet Systems Inc.
> > > >> beata@equinetsys.com
> > > >> bus: 703.779.9346
> > > >> cell: 703.727.1750
> > > >> home: 540.338.9632
> > > >>
> > > >>
> > > >
> > > >
> > >
> > >
> > >
> > > -----------== Posted via Newsfeed.Com - Uncensored Usenet News
> > ==----------
> > > http://www.newsfeed.com The #1 Newsgroup Service in the
World!
> > > -----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers
> > =-----
> >
> >
>
>
>
>
> -----------== Posted via Newsfeed.Com - Uncensored Usenet News
==----------
> http://www.newsfeed.com The #1 Newsgroup Service in the World!
> -----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers
=-----

Relevant Pages