PATCH: HPUX trusted system password checking

Dirk De Wachter Dirk.DeWachter at rug.ac.be
Mon Sep 11 18:40:15 EST 2000


Thank you Kevin for your prompt reply.

Given your input, I have reiterated through the configure process. I 
haven't mentioned it in my previous mail, but I ran a plain configure 
process, without forcing anything by options, except for the program 
and configuration locations.

First the password issue. As you already pointed out: HAVE_SHADOW_H 
is not set during the configure step. I gather that this is because 
my stupid HPUX system always gives a warning about the "Redefinition 
of macro MAXINT". E.g. the Samba (http://www.samba.org) configure 
process has a hack for this error, but most configure script choke on 
this and fail to set the #define.

I have now manually set it in config.h and it is currently compiling. 
I guess this will clean things out and make it work almost 'out of 
the box'.

I don't like to use PAM since it was only introduced for DCE (which I 
don't use) and is greatly unsupported for HPUX 10.20. I have never 
tried to make it work for other programs. Moreover if PAM is not 
installed but the HPUX-trusted password change is, we will still need 
to support it, I guess. Others might have different views though. 
I like your suggestion of using iscomsec to differentiate between a 
trusted/regular system, as this will allow to have the same binary 
shared over NFS by different systems.

The error of not finding xauth was caused by myself. I had restricted 
the PATH of the configure process, so it wasn't able to find its 
location. I apologize for the confusion.

Best regards,

Dirk


On 8 Sep 2000, at 16:38, Kevin Steves wrote about Re: PATCH: HPUX trusted system password checking:

> On Fri, 8 Sep 2000, Dirk De Wachter wrote:
> : The HPUX 10.20 trusted system hack doesn't work yet as intended.
> : I have adapted the auth-passwd.c file to make it work.
> : 
> : Please find a context diff file attached to this file. This diff is 
> : against the latest OpenSSH 2.2.0p1 released Sept 2, 2000.
> 
> Using the getprpwent() interface may be a good direction, since
> getspent() is deprecated, but from a look at the code, why didn't it
> execute the code that uses getspnam()?  Is HAVE_SHADOW_H defined and
> DISABLE_SHADOW undefined in config.h?  Also, does PAM work with OpenSSH
> on 10.20?  PAM is on 10.20, but was only used by CDE.  If PAM is
> sufficiently supported on 10.20, I wouldn't mind getting rid of the
> HPUX_TRUSTED stuff and only supporting PAM on 10.20 and 11.0.  
> Otherwise, I'd like to clean things up including always linking with
> -lsec and using iscomsec(2) to differentiate between trusted/not trusted
> at runtime.
> 
> : Also on HPUX 10.20, xauth is not found at the standard location. 
> : Perhaps this standard location could be changed automagically to 
> : /usr/bin/X11/auth once HPUX is detected.
> 
> It's detected on 11.0 and it's the same path so I don't immediately see
> what's happening.
> 
> 


*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*
Dirk De Wachter, MScEE, MScBME, PhD      mailto:Dirk.DeWachter at rug.ac.be
postdoctoral fellow, systems administrator       http://navier.rug.ac.be
Hydraulics Laboratory, Ibitech, University of Gent  voice:+32 9 264 3281
Sint-Pietersnieuwstraat 41, B-9000 Gent Belgium     faxto:+32 9 264 3595
~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~--~





More information about the openssh-unix-dev mailing list