Patch for changing expired passwords

[Dave Dykstra]

On Thu, Aug 23, 2001 at 12:42:40PM -0700, Kevin Steves wrote:
> On Thu, 23 Aug 2001, Dave Dykstra wrote:
> :Will this patch be able to be incorporated in the next portable release?
> :I've seen several people asking about this functionality, and Markus did
> :the preparation work in the base code.
> 
> patch looks ok for systems with spwd. i think we need something like this,
> but it should ideally work for all or most systems we support. 

I agree with you.  However, I think the best way to do that is to put in a
solution that works at least on the most common systems; then people who
need it on other systems will have something to patch for the next release.

I have tested that it at least compiles and runs on 
    Solaris 5.5.1 & 5.7
    Sunos 4.1.4
    HP-UX 10.20
    Linux Redhat 6.2
    Irix 6.2
    Unixware 1.1.2

> in the case
> of hp-ux for example, it has spwd and pr_passwd, but spwd can't currently
> be used, and i don't think it should be.

I see that my HP-UX machine does not have /etc/shadow so I must not have
tested expiration over there.  I was unaware of pr_passwd, but now that you
mention it I see it documented under getprpwent().  However, it says it is
"for trusted systems only" and mine isn't set up that way so I won't be
able to test it.


> SCO or other systems that use
> secureware-based trusted systems may have similar issues. there's also
> passwd_adjunct and systems that have pw_change and probably other
> mechanisms. 

All these systems have a relatively low user base, so if somebody has a
need for it let them submit a patch.  The changes should be able to be
isolated to a few lines in auth.c and a probe in configure.in, so they
don't seem to me to be a bother for support.


> what changes might be in openssh native, and what are in
> portable only?

All the changes that were needed in openssh native were already done by
Markus; the patch I submitted is for portable only.

- Dave Dykstra