Trusted HP-UX 10.26

[Kevin Steves]

On Tue, 26 Mar 2002, Darren Cole wrote:
:> i don't understand this.  why do you need the hashed password here?
:> openssh works today with hp-ux commercial security--why is CMW different?
:> see auth-passwd.c. also, why did you change only auth2.c and not auth1.c?
:
:I need the password here because I found that sshd would fail otherwise.
:The normal getpwnam does not get the password.   Further down  (not shown in
:the patch) there is a line: authenticated = m->userauth(authtxt);
:authtxt now has the password information.  Without the getprpwnam call,
:authtxt wont get the encrypted password.

you should look at auth_password(); there is already hp-ux code there
doing most of what you need.  auth2 should not be changed.

:Hmm... Now that I know a bit more about autoconf, I see how I could make
:HAVE_SCO_PROTECTED_PW be defined on trusted hp-ux.  Then I could move this
:functionality to auth-passwd.c.  Thanks, I will try that before I post my
:next try at the patch.
:I didn't look at auth1.c because it didn't fail in my testing. (though it
:probably would have if I had tested using ssh1 protocal).
:
:> :diff -cr openssh-3.1p1.orig/session.c openssh-3.1p1/session.c
:> :*** openssh-3.1p1.orig/session.c Mon Feb 25 15:48:03 2002
:> :--- openssh-3.1p1/session.c Fri Mar 22 22:56:30 2002
:> :***************
:> :*** 1285,1291 ****
:> :--- 1285,1297 ----
:> :  #ifdef LOGIN_NEEDS_TERM
:> :        (s->term ? s->term : "unknown"),
:> :  #endif /* LOGIN_NEEDS_TERM */
:> :+ #ifdef TRUSTED_HPUX
:> :+    // the "--" makes login hang on Trusted HP-UX
:> :+    // 10.26
:> :+       "-p", "-f", pw->pw_name, (char *)NULL);
:> :+ #else
:> :        "-p", "-f", "--", pw->pw_name, (char *)NULL);
:> :+ #endif
:> :
:> :    /* Login couldn't be executed, die. */
:>
:> do you require UseLogin yes?
:
:Yes.  It seems much easier to let login taking care of checking and setting
:all that needs to be done on a CMW, instead of duplicating all of that work
:and code.

login doesn't use getopt()?