Expired passwords on Solaris with PAM

Ed Phillips ed at UDel.Edu
Sat Oct 27 05:08:29 EST 2001


On Fri, 26 Oct 2001, Nicolas Williams wrote:

> Date: Fri, 26 Oct 2001 14:58:08 -0400
> From: Nicolas Williams <Nicolas.Williams at ubsw.com>
> To: Ed Phillips <ed at UDel.Edu>
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: Expired passwords on Solaris with PAM
>
> Do not use getpass() on Solaris -- it crops the password it reads at 8
> characters. Yes, it does.
>
> Use getpassphrase() instead.

Sure... we can use that, but I suggested getpass() because it exists in
older versions of Solaris - for example, getpassphrase() doesn't exist in
Solaris 2.5. :-( Of course, nobody runs THAT right?

Truncating to 8 characters would be bad after all, since ssh-keygen uses it
to read a passphrase for your secret key... which is NOT limited to 8
characters like one for Solaris login that is processed by crypt().

	Ed

>
> Nico
>
>
> On Fri, Oct 26, 2001 at 02:30:48PM -0400, Ed Phillips wrote:
> > I've been doing some more tests with 2.9.9p2 on Sol8.  Here are my
> > findings so far:
> >
> > When a user needs to change his password and tries to run a command in
> > non-interactive mode, it just succeeds without even trying to prompt the
> > user for a new password.  Damien submitted a fix - it works for me (is it
> > going into CVS?).
> >
> > When a user needs to change his password and tries to log in in interactive
> > mode, readpassphrase() gets called, but doesn't seem to be working
> > correctly on Sol8 - meaning, it doesn't correctly disable echo.  Would it
> > be possible to use getpass() on Solaris instead for the TTY case
> > (although, getpass() is not MT-Safe if that matters to anyone).  Any
> > ideas?
> >
> > 	Ed
> >
> > Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
> > Systems Programmer III, Network and Systems Services
> > finger -l ed at polycut.nss.udel.edu for PGP public key
> >

Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key
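
The two failure modes raised in this thread (a prompt that leaves echo on, and a reader that silently crops the secret at 8 characters) can both be checked for in the reading routine itself. The following is an added example, not part of the original thread and not OpenSSH's code; read_secret() is a hypothetical name, and it assumes that input from a non-terminal such as a pipe is read as-is because there is no echo to disable.

```c
#include <errno.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* read_secret() is a hypothetical helper for illustration, not OpenSSH's
 * readpassphrase(). Reads one line from fd with echo off. Returns the length,
 * or -1 on error or when the line does not fit in buf (no silent truncation). */
ssize_t read_secret(int fd, char *buf, size_t buflen)
{
    struct termios saved, quiet, check;
    int is_tty, toolong = 0;
    size_t n = 0;
    ssize_t r;
    char c;

    if (buflen == 0)
        return -1;
    is_tty = (tcgetattr(fd, &saved) == 0);  /* fails with ENOTTY on a pipe */
    if (is_tty) {
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;
        /* tcsetattr() reports success if ANY change applied, so re-read the
         * settings and refuse to prompt while echo is still on. */
        if (tcsetattr(fd, TCSAFLUSH, &quiet) != 0 ||
            tcgetattr(fd, &check) != 0 || (check.c_lflag & ECHO)) {
            tcsetattr(fd, TCSAFLUSH, &saved);
            return -1;
        }
    }
    for (;;) {
        r = read(fd, &c, 1);
        if (r < 0 && errno == EINTR)
            continue;
        if (r != 1 || c == '\n')
            break;
        if (n + 1 < buflen)
            buf[n++] = c;
        else
            toolong = 1;    /* drain the rest of the line, then fail */
    }
    if (is_tty)
        tcsetattr(fd, TCSAFLUSH, &saved);
    if (r < 0 || toolong) {
        memset(buf, 0, buflen);
        return -1;
    }
    buf[n] = '\0';
    return (ssize_t)n;
}
```

A caller sizes buf for the longest passphrase it accepts and treats -1 as "do not proceed", so an over-long secret is rejected rather than cropped.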



