OSF_SIA bug in 2.3.0p1

Chris Adams cmadams at hiwaay.net
Fri Mar 2 05:16:52 EST 2001


Once upon a time, John P Speno <speno at isc.upenn.edu> said:
> On Mon, Feb 12, 2001 at 11:22:24AM -0600, Chris Adams wrote:
> > There may still be a problem with information going back to the user.
> > Someone reported to me that on Tru64 5.1, the last login times are
> > printed when connecting to an account that is locked.  It doesn't happen
> > under 4.0F, so I haven't been able to track down what is happening
> > (don't have 5.x installed here yet - CDs are still on the bookshelf).
> 
> That someone was me. And it's not just 5.x, it also happens under 4.0F.

There must be some kind of configuration difference then, because it
does not happen under 4.0F for me.  With OpenSSH 2.3.0p1 on 4.0F, I get:

$ ssh dns
Account is disabled -- see Account Administrator.

Connection to dns closed.
$ 

This is the same thing that rsh returns.

There is a problem with OpenSSH 2.5.1p1 that I need to look at:

$ ssh fly
Connection to fly closed by remote host.
Connection to fly closed.
$ 

It should report that the account is disabled like 2.3.0p1.

> The issue is that last login times and /etc/motd are printed from do_login
> in session.c, but session_setup_sia which checks for locked accounts is in
> do_child which runs after do_login. So, if you authenticate yourself but
> your account is locked, you will still see your last login time and
> /etc/motd. What's worse is that the login will be recorded in
> /var/adm/lastlog as if it were a normal successful login (which it really
> isn't, as the account is locked).

I don't get that behavior either - "Last   successful login" reflects
the last _successful_ login; the attempt to login to a locked account
fails and that time is reflected in "Last unsuccessful login".

I did just realize that I had ".hushlogin", so I did not get the MOTD.
D'oh!  I do now get the MOTD, even on locked accounts.  I will look into
this.  I still do not get my last login times printed.

I will look at this some more.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
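
The ordering issue described in the quoted report, modeled as an added example that is not part of the original message and is not OpenSSH or SIA code. All struct and function names are hypothetical stand-ins; the sketch contrasts printing the banner before the account-lock check with checking first.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical model of one account; not an OpenSSH or SIA structure. */
struct account {
    const char *name;
    int locked;        /* 1 = administratively disabled */
    time_t last_ok;    /* "last successful login" record */
    time_t last_fail;  /* "last unsuccessful login" record */
};

/* Everything the session sent back to the client. */
struct session_out { char buf[256]; };

static void emit(struct session_out *o, const char *s) {
    strncat(o->buf, s, sizeof(o->buf) - strlen(o->buf) - 1);
}

/* Stand-in for login bookkeeping: last login line, record update, motd. */
static void login_banner(struct account *a, struct session_out *o, time_t now) {
    char line[64];
    snprintf(line, sizeof line, "Last login: %ld\n", (long)a->last_ok);
    emit(o, line);
    a->last_ok = now;  /* recorded as a successful login */
    emit(o, "MOTD: constructed sample text\n");
}

/* Stand-in for the account-state check done at session setup. */
static int account_usable(struct account *a, struct session_out *o, time_t now) {
    if (!a->locked) return 1;
    a->last_fail = now;
    emit(o, "Account is disabled -- see Account Administrator.\n");
    return 0;
}

/* Ordering described in the quoted report: banner first, lock check after. */
int session_banner_first(struct account *a, struct session_out *o, time_t now) {
    login_banner(a, o, now);
    return account_usable(a, o, now);
}

/* Corrected ordering: nothing is printed or recorded until the check passes. */
int session_check_first(struct account *a, struct session_out *o, time_t now) {
    if (!account_usable(a, o, now)) return 0;
    login_banner(a, o, now);
    return 1;
}
```

With a locked account, the banner-first flow leaks the last login time and motd and overwrites the successful-login record, while the check-first flow returns only the "Account is disabled" message and updates the unsuccessful-login record.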




