HP-UX 11.0 libpam patch

Kevin Steves stevesk at sweden.hp.com
Mon Nov 6 06:47:25 EST 2000


Patch PHCO_22265 (s700_800 11.00 cumulative libpam and libpam_unix
patch) is now available that fixes a problem discussed a while back
on the list regarding an incorrect return value from pam_acct_mgmt(),
which effected the ability to change an expired password:

(SR: 8606160402 CR: JAGad29724)
           HP-UX is inconsistent with the PAM standard with respect
           to the return value for an expired password. libpam_unix.1
           returns PAM_AUTHTOK_EXPIRED when it detects an expired
           password; the PAM standard expects PAM_NEW_AUTHTOK_REQD to
           be returned.  This inconsistency causes a problem for
           programs written to run on multiple platforms.
           Resolution:
           When an expired password is detected, libpam_unix.1 now
           returns standard PAM_NEW_AUTHTOK_REQD instead of
           PAM_AUTHTOK_EXPIRED.

I'm running a pre-release of this patch and openssh-SNAP-20001028.tar.gz
on several 11.0 production hosts and things are working fine.

You can get this patch from:

ftp://europe-ffs.external.hp.com/hp-ux_patches/s700_800/11.X/PHCO_22265
ftp://us-ffs.external.hp.com/hp-ux_patches/s700_800/11.X/PHCO_22265






More information about the openssh-unix-dev mailing list