Re: AIX's LDAP with PAM and Expired password

From: KS (khatirsaiyed_at_templeinland.com)
Date: 09/23/05


Date: 22 Sep 2005 16:02:04 -0700

The non-working instance is when too many unsuccessful attempts have
already been made: ssh does not display a message like the one telnet
displays, saying "3004-303 There have been too many unsuccessful login
attempts; please see the system administrator."

The same happens in the case of an expired password: ssh does not pass
on PAM messages to the user (terminal).

The working case is the password notification saying "Your password
will expire: Thu Sep 29 00:00:00 2005", after the successful login.

I have installed the patch (seems like a similar issue) with the
"patch -p1 < ./patch-filename" command, and the following is the output.

missing header for unified diff at line 8 of patch
can't find file to patch at input line 8
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: auth-pam.c
|===================================================================
|RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v
|retrieving revision 1.121
|diff -u -p -r1.121 auth-pam.c
|--- auth-pam.c 20 Jan 2005 02:29:51 -0000 1.121
|+++ auth-pam.c 2 May 2005 05:49:45 -0000
--------------------------
File to patch: auth-pam.c
patching file auth-pam.c
xdevapp1:/home/sysadm/ksaiyed/rpm/BUILD/openssh-4.0p1 $ sdiff -s
auth-pam.c auth-pam.c.patched
xdevapp1:/home/sysadm/ksaiyed/rpm/BUILD/openssh-4.0p1 $ sdiff -s
auth-pam.c auth-pam.c.orig
                case PAM_AUTH_ERR: <
                        debug3("PAM: PAM_AUTH_ERR"); <
                        if (**prompts != NULL && strlen(**prom <
                                *info = **prompts; <
                                **prompts = NULL; <
                                *num = 0; <
                                **echo_on = 0; <
                                ctxt->pam_done = -1; <
                                return 0; <
                        } <
                        /* FALLTHROUGH */ <

And I'm not using privilege separation.

Any direction would be of great help.

Thanks
Khatir


