Re: OpenSSH3.5p1 vs. Commercial SSH 3.2

From: Darren Tucker (dtucker@dodgy.net.au)
Date: 01/28/03

In article <slrnb3dpov.3jo.phil+s3@bolthole.com>,
Philip Brown <phil+s3@bolthole.no-bots.com> wrote:
>On Tue, 28 Jan 2003 13:41:22 GMT, dtucker@dodgy.net.au wrote:
>>>...
>>>... which broke password expiration with PAM. How do you feel when the only
>>>way to login is with ssh and cannot login without password change and cannot
>>>change password because of privilege separation :(
>>
>>If this is a problem for you then try the patch.
>>http://bugzilla.mindrot.org/attachment.cgi?id=198&action=view
>>http://bugzilla.mindrot.org/show_bug.cgi?id=423
>
>If you stated up front (in the post) that it requires another setuid
>program to "fix" it, I wouldn't have bothered following the link.

The earlier patches in that bug do, but the one I referenced doesn't,
it adds a privsep wrapper for do_pam_chauthtok().

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.