[Bug 1656] New: root password considered expired if SIA is not enabled

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Sep 30 18:31:46 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1656

           Summary: root password considered expired if SIA is not enabled
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: Alpha
        OS/Version: Tru64
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: mindrot.org at thomas.cuivre.fr.eu.org


On a Tru64 5.1A machine where ENHANCED security is not enabled,
configure builds in SIA support anyway, and auth-sia does not check
whether the security level is BASE or ENHANCED prior to checking
password expiration.

So, when logging in as root, the user is prompted for a new password,
but in BASE security mode, the password change date is not recorded by
passwd(1) (and remains 0), and the next login attempt fails in the same
way.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list