OSF_SIA bug in 2.3.0p1

John P Speno speno at isc.upenn.edu
Fri Mar 2 03:33:11 EST 2001

On Mon, Feb 12, 2001 at 11:22:24AM -0600, Chris Adams wrote:
> There may still be a problem with information going back to the user.
> Someone reported to me that on Tru64 5.1, the last login times are
> printed when connecting to an account that is locked.  It doesn't happen
> under 4.0F, so I haven't been able to track down what is happening
> (don't have 5.x installed here yet - CDs are still on the bookshelf).

That someone was me. And it's not just 5.x, it also happens under 4.0F.

The issue is that last login times and /etc/motd are printed from do_login
in session.c, but session_setup_sia which checks for locked accounts is in
do_child which runs after do_login. So, if you authenticate yourself but
your account is locked, you will still see your last login time and
/etc/motd. What's worse is that the login will be recorded in
/var/adm/lastlog as if it were a normal successful login (which it really
isn't, as the account is locked).

When using SIA on Tru64 UNIX, perhaps it would be "best" if updating and
printing the last login time was disabled because sia_ses_launch will
already take care of it (and do it "better" in this case).

By the same token, perhaps the printing of /etc/motd could be disabled in
do_login when SIA support is enabled, and moved into session_setup_sia?

More information about the openssh-unix-dev mailing list