Patch for changing expired passwords
Dave Dykstra
dwd at bell-labs.com
Wed Oct 17 23:21:38 EST 2001
On Wed, Oct 17, 2001 at 12:23:19PM +0200, Markus Friedl wrote:
> On Tue, Oct 16, 2001 at 10:57:26AM -0500, Dave Dykstra wrote:
> > However, I tried moving the forced_passwd_change code to do_child() and it
> > didn't work because do_exec_pty() (via do_login()/check_quiet_login()) does
> > different things depending on whether or not command is NULL.
>
> what does not work? the checks should not be relevant in this case
> i think. but we can move it to do_child later.
It turns out it's not quite as bad as I thought, I think because of
something strange in my testing which led me to believe it had an effect on
X forwarding. The actual difference is that if "command" is NULL because
the user didn't supply any command and intended to login, leaving the check
in do_exec() causes do_login() to exit right after it calls
check_quiet_login() and to not print things it normally prints for
interactive logins such as the last login time or the message of the day.
I don't think it's right to print either of those before prompting for a
password change.
Also, my opinion is that it's cleaner to have the forced_password_change
check in the same place as the forced_command check.
- Dave Dykstra
More information about the openssh-unix-dev
mailing list