openssh-2.9p1 bug: loginfailed() with AIX 4.3.3
K.Wolkersdorfer at fz-juelich.de
Thu May 17 01:56:46 EST 2001
Hi,
first let me thank you for all the excellent work with openssh!
Bug-Description (for AIX - current release 4.3.3 - only):
During password-authentication if a user enters a wrong
password, the failed attempt is not at all recorded in
/etc/security/lastlog, although the loginfailed()
subroutine in auth1.c is supposed to do that.
Suggestion:
In AIX the loginfailed() subroutine should be called
if and only if
the user enters a wrong password:
From man loginfailed:
..."A login failure audit record is cut to indicate that
an unsuccessful login attempt occurred. A utmp entry
is appended to /etc/security/failedlogin file,
which tracks all failed login attempts." ...
So it seems that in auth1.c the loginfailed() subroutine
is in the wrong place. It should be immediately after
the password-authentication.
Bug-Fix:
The following fix works for us:
------------------------------------------------------------------------
diff auth1.c.orig auth1.c
266a267,272
> #ifdef WITH_AIXAUTHENTICATE
> if (!authenticated)
> loginfailed(authctxt->user,
> get_canonical_hostname(options.reverse_mapping_check),
> "ssh");
> #endif /* WITH_AIXAUTHENTICATE */
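Review bot: the `if (!authenticated)` guard added at 267 has an unbraced body that spans three source lines, and because this is a plain diff with no context lines it does not show whether the insertion point sits inside the password-authentication branch, which is what the description asks for ("if and only if the user enters a wrong password"). Please resend as a unified diff (`diff -u`) so the placement can be checked, and put braces around the loginfailed() call so the scope of the guard is explicit. Note also that get_canonical_hostname(options.reverse_mapping_check) is now evaluated on every failed attempt at this point; a short comment saying that this is intended would help.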
346,350d351
< #ifdef WITH_AIXAUTHENTICATE
< loginfailed(authctxt->user,
< get_canonical_hostname(options.reverse_mapping_check),
< "ssh");
< #endif /* WITH_AIXAUTHENTICATE */
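Review bot: the call deleted at 346-350 is unconditional in the lines shown, so once it is removed any failure path that reached it without passing the new `if (!authenticated)` site at 267 no longer produces a loginfailed() record. If that is the intent, say so in the change description and name which failure paths are deliberately left unrecorded; if not, keep a call here for the cases the new site does not cover, guarded so that one failed attempt is not recorded twice.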
-------------------------------------------------------------------------
Many thanks for your attention and best regards from Germany
Klaus
--
Klaus Wolkersdorfer (K.Wolkersdorfer at fz-juelich.de)
Zentralinstitut fuer Angewandte Mathematik (ZAM) Tel: +49-2461-61-6579
John von Neumann - Institute for Computing (NIC) Fax: -6656
Forschungszentrum Juelich GmbH, D-52425 Juelich, Germany