[Bug 145] sshd fails to increment AIX login failed counter
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Jun 21 23:56:05 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=145
------- Additional Comments From dtucker at zip.com.au 2002-06-21 23:56 -------
I think I get it now: loginfailed() isn't called until the number of failures
for a given child process is greater than AUTH_FAIL_MAX (currently defined as
6). Since ssh gives up after 3 password attempts (plus a couple of public-key?),
loginfailed is never called and the counter is never incremented. Reconnecting
to sshd gives a new child and the count starts again. Repeat.
I've tested the above patch and confirmed working lockout with it (and lack
thereof without) on AIX 4.3.3 ML0.
The code deleted from auth[12].c was marked with /* XXX: privsep */ but I'm not
sure what this indicates. Clues?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list