PATCH: HPUX trusted system password checking
Kevin Steves
stevesk at sweden.hp.com
Mon Sep 18 07:08:47 EST 2000
On Sat, 16 Sep 2000, Damien Miller wrote:
: On Tue, 12 Sep 2000, Kevin Steves wrote:
: > Attached is a patch which removes the HAVE_HPUX_TRUSTED_SYSTEM_PW
: > define, and instead uses __hpux to determine if we're HP-UX and
: > iscomsec(2) to determine if commercial security/trusted system is
: > enabled. I have only tested this on HP-UX 11.0 (with --without-pam),
: > but I think it should work on 10.20.
:
: Applied - thanks.
Thanks, but there's also the caveat I added:
Note that because I define DISABLE_SHADOW the password age check in
auth.c that I *think* was getting executed on HP-UX is no longer
included. There should probably be an || __hpux to keep that. The
password aging support needs work for non-trusted, trusted/shadow and
PAM. I'm not sure how best to handle that right now.
I'll look at the aging checks again tomorrow or early next week. One
challenge for HP-UX is in supporting several configuration combinations:
PAM (HP-UX 11.0 only)
PAM should deal with trusted/not trusted issues
no PAM trusted (10.20 and 11.0) [though code is the same]
no PAM not trusted (10.20 and 11.0) [though code is the same]
and then UseLogin yes.
And there's overlaping checks if I recall; for example I think the
existing aging checks in auth.c get executed even if we use PAM though
PAM should also verify password aging and locked account criteria.
More information about the openssh-unix-dev
mailing list