[AIX/IBMers read] Re: AIX and Privsep.

Darren Tucker dtucker at zip.com.au
Thu Jul 4 16:12:36 EST 2002


Ben Lindstrom wrote:
[AIX problems]
> > The most important is not incrementing the failed login count, which
> > allows password-guessing attacks:
> > http://bugzilla.mindrot.org/show_bug.cgi?id=145
> 
> applied, but Konqueror is crashing too much to close it.  Close the report
> if the problem goes away.

OK, I've tried -cvs on AIX 4.2.1 and 4.3.3.

Account lockout works fine on 4.3.3.

It doesn't work on 4.2.1, because it doesn't get compiled in. Configure
doesn't define WITH_AIXAUTHENTICATE because authenticate() is in libs.a
which isn't linked. Seting LDFLAGS="-ls" before running configure
defines WITH_AIXAUTHENTICATE and lockout works OK.

The existing configure.ac works on 4.3.3 authenticate() is in libc.a
too.

What's the consensus?
a) Do nothing and make people using 4.2.1 set LDFLAGS themselves.
b) Add "-ls" to LDFLAGS for AIX in configure.ac. This works on 4.[23]
but I'm not sure about 5.1.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



More information about the openssh-unix-dev mailing list