Password expiry related clarification in OpenSSH3.5p1

Darren Tucker dtucker at zip.com.au
Wed Dec 11 00:09:27 EST 2002


Kevin Steves wrote:
> fyi (i'm behind in following the passord expire efforts).
> ----- Forwarded message from Logu <logsnaath at gmx.net> -----
> Date: Sat, 7 Dec 2002 02:42:52 +0530
> From: "Logu" <logsnaath at gmx.net>
[snip]
> We are using OpenSSH3.1p1 and now planned to shift to OpenSSH3.5p1. Among
> other changes, we would like to know specifically the reasons for the
> commented part of the PAM account expiration part in auth-pam.c.
> Why this part of the code is not used in 3.5p1? Is there any specific
> reasons for not using this part of the code?

That's because it doesn't work with privsep, no?

The bit I don't get is in auth-pam.c:
#if 0
	/* XXX: This would need to be done in the parent process,
	 * but there's currently no way to pass such request. */
	no_port_forwarding_flag &= ~2;
	[snip]
#endif
I think that should read "child process", assuming chauthtok is run by
the monitor.

I've done a fair amount of work on various expiry methods, but what I
need is someone to say "do X and the results will be merged".  The only
thing I'm certain of is everybody wants something different.

Some of the patches are at http://www.zip.com.au/~dtucker/openssh/, the
rest can be found in the list archives.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



More information about the openssh-unix-dev mailing list