HP-UX 11.0 libpam patch
Kevin Steves
stevesk at sweden.hp.com
Mon Nov 6 06:47:25 EST 2000
Patch PHCO_22265 (s700_800 11.00 cumulative libpam and libpam_unix
patch) is now available that fixes a problem discussed a while back
on the list regarding an incorrect return value from pam_acct_mgmt(),
which effected the ability to change an expired password:
(SR: 8606160402 CR: JAGad29724)
HP-UX is inconsistent with the PAM standard with respect
to the return value for an expired password. libpam_unix.1
returns PAM_AUTHTOK_EXPIRED when it detects an expired
password; the PAM standard expects PAM_NEW_AUTHTOK_REQD to
be returned. This inconsistency causes a problem for
programs written to run on multiple platforms.
Resolution:
When an expired password is detected, libpam_unix.1 now
returns standard PAM_NEW_AUTHTOK_REQD instead of
PAM_AUTHTOK_EXPIRED.
I'm running a pre-release of this patch and openssh-SNAP-20001028.tar.gz
on several 11.0 production hosts and things are working fine.
You can get this patch from:
ftp://europe-ffs.external.hp.com/hp-ux_patches/s700_800/11.X/PHCO_22265
ftp://us-ffs.external.hp.com/hp-ux_patches/s700_800/11.X/PHCO_22265
More information about the openssh-unix-dev
mailing list