AIX issues

Mark Grennan mgrennan at hertz.com
Sat Jul 27 05:31:23 EST 2002


Hello everyone, 

I have been given the task of working out a number of issues with
OpenSSH for my company (Hertz). 

I have been following the mailing list for several days now and I'm
beginning to compile a list of who is working on what.  To make my task
faster, it would be nice if the people working on the following issues
would drop me an email before I start to rewrite their code and get it
wrong. :-)

I am dealing with AIX 4.3.3, AIX 5.x, and OpenSSH 2.5.1p1 and 2.9.9p2. 
I'm sure some of these issues have been fixed. 

The issues are:

    1. Allows login even though the password has expired either from age
    or after being reset by a security analyst.
    
    2. Doesn't update AIX's "failed login count"; consequently, the ID is
    not locked after 5 invalid login attempts.
    
    3. Doesn't record the failed login in AIX's failedlogin log.
    
    4. Doesn't post logged in users to the wtmp file causing it to
    appear as if no one is logged in.
    
    5. Corrupts the file that stores the last login date for users
    making it impossible to lock or remove accounts for inactivity.
    
    6. Doesn't honor the /etc/ftpusers to restrict sftp access. Any
    users can use ftp through SSH.
    
    7. Syslog entries for SSH login don't differentiate between SSH,
    SFTP, or other tunneled logins.
    
    8. OpenSSH doesn't show user logouts in syslog like F-Secure does.
    
My first step is to move both environments to 3.4p1 and retest.




More information about the openssh-unix-dev mailing list