AIX openssh patches

[David Rankin]

On Wed, Jan 19, 2000 at 12:33:55PM -0500, Matt Richards wrote:

> I have a few patches for AIX. The patchfile is attached below. The patch
> has been tested on AIX4.2 and AIX4.3. The patch is on openssh-1.2.1pre25, 
> with openssl-0.94, using RSAref.

These are a good set of patches, but I propose that these be implemented
a bit differently (and yes, I'll be happy to do it, it'll just take a day
or so).

1> Don't use --with-aixauthenticate. Instead, autodetect AIX 4 and use
it without prompting.

2> Instead of the _AIX defines, I'd prefer to see #define used for each
differing item (i.e. unsigned long versus int, __inline versus inline, etc.),
preferably autodetecting using autoconf. I'll work on making this cleaner.

3> The Dante and SOCKS4/5 implementations are 99% alike. Rather than defining
the R* functions in config.h, I'd rather roll them all into one spot, where
they are now.

Any objections?

David

> 1) authenticate support - this function allows the system to determine
>    authentification. Whatever the system allows for login, authenticate
>    will too. It doesn't matter whether it is AFS, DFS, SecureID, local.
> 
> 2) loginsuccess - this function will log to /etc/security/lastlog as
>    well as clear the failed logins.
> 
> 3) loginfailed - this function will increase the number of failed logins
>    and update /etc/security/lastlog and /etc/security/failedlogins.
> 
> 4) loginrestrictions - this function will determine if a user is allowed
>    to login (ie too many failed logins, account disabled, etc). This
>    function is used in conjunction with authenticate.
> 
> 5) SOCKS5 and SOCKS4 support.

> 6) Support for the system random function instead of egd or /dev/urandom.
-- 
David W. Rankin, Jr.     Husband, Father, and UNIX Sysadmin. 
   Email: drankin at bohemians.lexington.ky.us   Address/Phone Number: Ask me.
"It is no great thing to be humble when you are brought low; but to be humble
when you are praised is a great and rare accomplishment." St. Bernard