Re: OpenSSH release schedule

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 06/04/03

  • Next message: Darren Tucker: "Re: OpenSSH release schedule" 
    Date: Wed, 04 Jun 2003 10:02:26 GMT

    In article <59e70bda.0306032255.40b026dc@posting.google.com>,
    Martijn Bruns <martijn.bruns@eds.com> wrote:
    >Will some kind of account management (aging, blocking, forced change)
    >be included in the releases to come? I'd really like to be audit (We
    >call it OSAC. I'm not speaking for my employer btw) compliant in my
    >system admin practices, but maybe that's just me. :-)

    OpenSSH already partially supports many of these things but not on
    all platforms. For example, password and account expiry is supported
    on PAM and /etc/shadow platforms, but what isn't supported is forced
    password changes and (for shadow) expiry warnings. Account lockout
    (ie after N bad login attempts) is already supported if the underlying
    platform does it (I think that's only AIX and UNICOS).

    Off the top of my head, this is the status as at 3.6.1p2, for the
    platforms I'm reasonably sure about:

                    AcctExp PassExp ExpWarn ForceCh Lockout
    AIX N N N N F
    HP-UX native M M M M
    HP-UX trusted M M M M
    PAM F F F N
    /etc/shadow F F N N
    UNICOS F F F P [1] F

    F = fully works, P = partially works, N = planned for next release,
    M = not currently planned, maybe later

    [1] It will let you log in and change your password then kick you out
    immediately. 

    -- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
  • Next message: Darren Tucker: "Re: OpenSSH release schedule"

    Relevant Pages