[Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW

Wed Sep 24 21:37:54 EST 2003

http://bugzilla.mindrot.org/show_bug.cgi?id=633

------- Additional Comments From michael_steffens at hp.com  2003-09-24 21:37 -------
Hi Darren,

now that PAM is in distress (won't reason about why here) I think having pw hash
retrieval directed to getspnam is even more desirable for all version of HP-UX.

For 10.x versions still in use (10.20 presumably the vast majority) I have
found OS patches containing the getwent family (not introducing it!) in libsec:

 10.10  PHCO_11208  (published 1997/06/06)
 10.20  PHCO_11214  (published 1997/06/09)

both addressing "adding/removing users can cause getspwent(3) to loop".

For 10.00 and 10.01 I had to unpack PHCO_9817 (published 1997/02/17) and
examine libsec.1 using nm:

_fgetspwent         |     58032|extern|entry  |
_fgetspwent         |     58128|extern|code   |$CODE$
_fgetspwent_r       |     73892|extern|entry  |
_fgetspwent_r       |     73940|extern|code   |$CODE$
_getspwaid          |     57540|extern|entry  |
_getspwaid          |     57612|extern|code   |$CODE$
_getspwaid_r        |     73016|extern|entry  |
_getspwaid_r        |     73064|extern|code   |$CODE$
_getspwent          |     58528|extern|entry  |
_getspwent          |     58576|extern|code   |$CODE$
_getspwent_r        |     74348|extern|entry  |
_getspwent_r        |     74420|extern|code   |$CODE$
_getspwnam          |     56888|extern|entry  |
_getspwnam          |     56936|extern|code   |$CODE$
_getspwnam_r        |     71548|extern|entry  |
_getspwnam_r        |     71668|extern|code   |$CODE$
_getspwuid          |     57196|extern|entry  |
_getspwuid          |     57268|extern|code   |$CODE$
_getspwuid_r        |     72312|extern|entry  |
_getspwuid_r        |     72360|extern|code   |$CODE$
fgetspwent          |     58056|extern|entry  |
fgetspwent          |     58128|extern|code   |$CODE$
fgetspwent_r        |     73916|extern|entry  |
fgetspwent_r        |     73940|extern|code   |$CODE$
getspent            |     56576|extern|entry  |
getspent            |     56648|extern|code   |$CODE$
getspnam            |     56752|extern|entry  |
getspnam            |     56776|extern|code   |$CODE$
getspwaid           |     57564|extern|entry  |
getspwaid           |     57612|extern|code   |$CODE$
getspwaid_r         |     73040|extern|entry  |
getspwaid_r         |     73064|extern|code   |$CODE$
getspwent           |     58552|extern|entry  |
getspwent           |     58576|extern|code   |$CODE$
getspwent_r         |     74372|extern|entry  |
getspwent_r         |     74420|extern|code   |$CODE$
getspwnam           |     56912|extern|entry  |
getspwnam           |     56936|extern|code   |$CODE$
getspwnam_r         |     71572|extern|entry  |
getspwnam_r         |     71668|extern|code   |$CODE$
getspwuid           |     57220|extern|entry  |
getspwuid           |     57268|extern|code   |$CODE$
getspwuid_r         |     72336|extern|entry  |
getspwuid_r         |     72360|extern|code   |$CODE$

So these functions are at least present. Can't test these very old ones,
however, as we don't have any of them any more.

All these patches are also the latest libsec patches for these platforms. My
two cents are:

Somebody running 10.x and not having patched OS for more than six years
is likely to have more serious vulnerabilities to care for than OpenSSH.

Cheers!
Michael

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.