Re: OpenSSH3.5p1 vs. Commercial SSH 3.2

From: Darren Tucker (
Date: 01/28/03

From: (Darren Tucker)
Date: Tue, 28 Jan 2003 22:35:50 GMT

In article <>,
Philip Brown <> wrote:
>On Tue, 28 Jan 2003 13:41:22 GMT, wrote:
>>>... which broke password expiration with PAM. How do you feel when the only
>>>way login is with ssh and cannot login without password change and cannot
>>>change password because of privilege separation :(
>>If this is a problem for you then try the patch.
>If you stated up front (in the post) that it requires another setuid
>program to "fix" it, I wouldnt have bothered following the link.

The earlier patches in that bug do, but the one I referenced doesn't,
it adds a privsep wrapper for do_pam_chauthtok().

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Relevant Pages