PATCH: HPUX trusted system password checking
Dirk De Wachter
Dirk.DeWachter at rug.ac.be
Mon Sep 11 18:40:15 EST 2000
Thank you Kevin for your prompt reply.
Given your input, I have reiterated through the configure process. I
haven't mentioned it in my previous mail, but I ran a plain configure
process, without forcing anything by options, except for the program
and configuration locations.
First the password issue. As you already pointed out: HAVE_SHADOW_H
is not set during the configure step. I gather that this is because
my stupid HPUX system always gives a warning about the "Redefinition
of macro MAXINT". E.g. the Samba (http://www.samba.org) configure
process has a hack for this error, but most configure script choke on
this and fail to set the #define.
I have now manually set it in config.h and it is currently compiling.
I guess this will clean things out and make it work almost 'out of
the box'.
I don't like to use PAM since it was only introduced for DCE (which I
don't use) and is greatly unsupported for HPUX 10.20. I have never
tried to make it work for other programs. Moreover if PAM is not
installed but the HPUX-trusted password change is, we will still need
to support it, I guess. Others might have different views though.
I like your suggestion of using iscomsec to differentiate between a
trusted/regular system, as this will allow to have the same binary
shared over NFS by different systems.
The error of not finding xauth was caused by myself. I had restricted
the PATH of the configure process, so it wasn't able to find its
location. I apologize for the confusion.
Best regards,
Dirk
On 8 Sep 2000, at 16:38, Kevin Steves wrote about Re: PATCH: HPUX trusted system password checking:
> On Fri, 8 Sep 2000, Dirk De Wachter wrote:
> : The HPUX 10.20 trusted system hack doesn't work yet as intended.
> : I have adapted the auth-passwd.c file to make it work.
> :
> : Please find a context diff file attached to this file. This diff is
> : against the latest OpenSSH 2.2.0p1 released Sept 2, 2000.
>
> Using the getprpwent() interface may be a good direction, since
> getspent() is deprecated, but from a look at the code, why didn't it
> execute the code that uses getspnam()? Is HAVE_SHADOW_H defined and
> DISABLE_SHADOW undefined in config.h? Also, does PAM work with OpenSSH
> on 10.20? PAM is on 10.20, but was only used by CDE. If PAM is
> sufficiently supported on 10.20, I wouldn't mind getting rid of the
> HPUX_TRUSTED stuff and only supporting PAM on 10.20 and 11.0.
> Otherwise, I'd like to clean things up including always linking with
> -lsec and using iscomsec(2) to differentiate between trusted/not trusted
> at runtime.
>
> : Also on HPUX 10.20, xauth is not found at the standard location.
> : Perhaps this standard location could be changed automagically to
> : /usr/bin/X11/auth once HPUX is detected.
>
> It's detected on 11.0 and it's the same path so I don't immediately see
> what's happening.
>
>
*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*
Dirk De Wachter, MScEE, MScBME, PhD mailto:Dirk.DeWachter at rug.ac.be
postdoctoral fellow, systems administrator http://navier.rug.ac.be
Hydraulics Laboratory, Ibitech, University of Gent voice:+32 9 264 3281
Sint-Pietersnieuwstraat 41, B-9000 Gent Belgium faxto:+32 9 264 3595
~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~
More information about the openssh-unix-dev
mailing list