[Bug 145] sshd fails to increment AIX login failed counter

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Jun 21 23:56:05 EST 2002


http://bugzilla.mindrot.org/show_bug.cgi?id=145





------- Additional Comments From dtucker at zip.com.au  2002-06-21 23:56 -------
I think I get it now: loginfailed() isn't called until the number of failures 
for a given child process is greater than AUTH_FAIL_MAX (currently defined as 
6). Since ssh gives up after 3 password attempts (plus a couple of public-key?), 
loginfailed is never called and the counter is never incremented. Reconnecting 
to sshd gives a new child and the count starts again. Repeat.

I've tested the above patch and confirmed working lockout with it (and lack 
thereof without) on AIX 4.3.3 ML0.

The code deleted from auth[12].c was marked with /* XXX: privsep */ but I'm not 
sure what this indicates. Clues?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-unix-dev mailing list