Re: AIX's LDAP with PAM and Expired password

From: Darren Tucker (dtucker_at_gate.dodgy.net.au)
Date: 09/23/05 

Date: 23 Sep 2005 09:58:17 GMT

On 2005-09-22, KS <khatirsaiyed@templeinland.com> wrote:
> The non-working instance is when too many unsuccessful attempt are
> already made ssh does not display message like what telnet displays
> saying "3004-303 There have been too many unsuccessful login attempts;
> please see the system administrator."
>
> And also same in the case of expired password, ssh does not pass on pam
> messages to the user (terminal).

How that works depends on the SSH authentication method. Which method(s)
are you using?

> The working case is the password notification saying "Your password
> will expire: Thu Sep 29 00:00:00 2005", after the successful login.
>
> I have installed the patch (seems like similar issue) with "patch -p1 <
> ./patch-filename" command and following is the output.
>
> missing header for unified diff at line 8 of patch
[...]

It looks like the patch didn't apply. If it's the patch from
http://bugzilla.mindrot.org/show_bug.cgi?id=1028 (and it looks like it)
then it's a unified diff and AIX's patch program doesn't understand them.
Use GNU patch instead.

Assuming you get it to apply, this patch only helps with
keyboard-interactive authentication (password authentication should already
work). 

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Relevant Pages