[Bug 423] New: Workaround for pw change in privsep mode (3.5.p1)

[bugzilla-daemon at mindrot.org]

http://bugzilla.mindrot.org/show_bug.cgi?id=423

           Summary: Workaround for pw change in privsep mode (3.5.p1)
           Product: Portable OpenSSH
           Version: 3.5p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: michael_steffens at hp.com


The attached patch provides a workaround for changing expired
passwords on login with sshd running in privsep mode. It does
so by delegating the the change dialog to a suid helper program.
(Yes, yet another one :)

The patch incorporates the HP-UX trusted system patch by
Dan Wanek, submitted with [BUG 419].

I have tested this patch successfully on

 Linux (Debian with libpam0g 0.72-32)
 HP-UX 11.00 and 11.11, both trusted and non-trusted mode
 Solaris 2.7

It seems to be even a bit more robust than the builtin
change routine for non-privsep mode, which crashes
on trusted systems when using the dialog options
for random generated passwords. (No idea why, unfortunately)

The ssh-chauthtok-helper passed them flawlessly.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.