Re: password expires on solaris

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 06/11/03 

Date: Wed, 11 Jun 2003 11:19:32 GMT

In article <Xns9396AD86BD3A8chrispagannet@206.124.0.13>,
Christopher Denney <chris@DO.pagan.NOT.net.SPAM> wrote:
>When a user's password expires on a Solaris 8 system running openssh-3.6p1
>they cannot log in (I pre-expire all new users, this sucks a lot) except
>with telnet. I started out with "./configure --with-pam"

See:
http://bugzilla.mindrot.org/show_bug.cgi?id=14
http://bugzilla.mindrot.org/show_bug.cgi?id=423
http://www.zip.com.au/~dtucker/openssh/

It's not all that obvious but the patch (passexpire20) found at the
last link will work for Solaris 8+PAM.

[snip]
>fatal: monitor_read: unsupported request: 24
> failed login from expired user ^^^^
>I am also concerned by the difference in messages.

That's actually a bug in the PrivSep+PAM support. The current devel
versions of OpenSSH has had a complete PAM overhaul. 

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.