Snapshot
Kevin Steves
stevesk at sweden.hp.com
Sun Oct 8 01:34:24 EST 2000
On Wed, 20 Sep 2000, Kevin Steves wrote:
: This is what I had in mind (untested); though I'd prefer to wait a bit
: and see when the fix might be available before inserting workarounds
: like these in the code. And I don't know when PAM_AUTHTOK_EXPIRED
: should be returned and what security issues may result from this.
:
: --- auth-pam.c~ Sat Sep 16 07:09:27 2000
: +++ auth-pam.c Wed Sep 20 22:24:43 2000
: @@ -206,6 +206,13 @@
: case PAM_SUCCESS:
: /* This is what we want */
: break;
: +#ifdef __hpux
: + /*
: + * This is a workaround to an HP-UX PAM defect;
: + * refer to JAGad29724 for patch availability.
: + */
: + case PAM_AUTHTOK_EXPIRED:
: +#endif
: case PAM_NEW_AUTHTOK_REQD:
: pam_msg_cat(NEW_AUTHTOK_MSG);
: /* flag that password change is necessary */
This doesn't work. We end up looping in pam_chauthtok() and it's
related to the same defect referred to above but there's no way to work
around this one. We need a PAM patch which I'm trying to push for.
More information about the openssh-unix-dev
mailing list