A bug in openssh-2.2.0-p1
Damien Miller
djm at mindrot.org
Sat Sep 16 13:32:31 EST 2000
On Sat, 2 Sep 2000, Pavel Troller wrote:
> Hello!
> Today I've found, downloaded and compiled openssh-2.2.0-p1. It
> basically worked, except that users other than root were not allowed
> to login. My system is a Linux-2.4.0-test7 with glibc-2.1.3. No PAM
> is installed/used. It uses MD5 passwords and shadow with account
> expiration feature. In handling of the latter, a probable bug was
> found. In auth.c, allowed_user(), there is a
> code at the line 73, saying
[snip]
> On the other hand, there is a sp_max entry, stating maximum number
> of days between password changes. This is the right value for us. So
> I changed the code to be as follows:
[snip]
Thanks - this has been applied.
Regards,
Damien Miller
--
| ``The power of accurate observation is | Damien Miller <djm at mindrot.org>
| commonly called cynicism by those who | @Work <djm at ibs.com.au>
| have not got it'' - George Bernard Shaw | http://www.mindrot.org
More information about the openssh-unix-dev
mailing list