Handling of password & account expirations

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Sun Jun 3 20:49:19 EST 2001


On Sat, Jun 02, 2001 at 10:19:19PM -0500, Brian Poole wrote:
> Since no one else has seemed concerned about this when I posted it on
> the OpenBSD mailing lists

i wrote:

% On Mon, May 14, 2001 at 03:20:57PM -0500, Brian Poole wrote:
% > My problem is this, OpenSSH does not respect account nor password
% > expirations by default (by respect I mean it totally ignores them,
% > it doesn't matter if they are set and have expired). Why?
% >
% > [...]
% >
% > This entire bit probably applies to rsh/rlogin as well, but I'm not
% > nearly as concerned about it as it isn't on by default nor used by
% > myself.
% 
% both openssh and rlogin ignore this, so this suggests
% the the operating system does not support this feature
% at all.
% 
% however, in the future openbsd will move to BSD_AUTH, so
% perhaps this feature will be supported on openbsd.

and indeed, this is handled by auth_approval in session.c
if BSD_AUTH is defined.

-m



More information about the openssh-unix-dev mailing list