[PATCH] Password expiry with Privsep and PAM

Darren Tucker dtucker at zip.com.au
Wed Dec 11 16:00:53 EST 2002


Peter Stuge wrote:
[snip]
> And if anything fails along the way, touch luck, the SSH protocol has no way
> to propagate messages such as "Password must contain..." back to the client.

Sure it does. The "prompt" string.
     byte      SSH_MSG_USERAUTH_PASSWD_CHANGEREQ
     string    prompt (ISO-10646 UTF-8)
     string    language tag (as defined in [RFC1766])

[snip]
> > Having had a go at implementing both, I think (2) will end up bigger,
> > uglier and flakier that the sum of (1).
> 
> I will try to prove you wrong.  :)

I'll count the expect string library toward the size :-)

Have fun and good luck.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



More information about the openssh-unix-dev mailing list