good news for solaris8 &3.4p1

Philip Brown phil at bolthole.com
Tue Oct 8 06:22:30 EST 2002


Thanks go to Darren Tucker who posted about "#if 0" on auth-pam.c
I saw his email in the archive, about solaris 7.

I removed the "#if 0", and finally, password expiration works.

A caviat or two:

If UseLogin=no (the default) , if a user fails to use the
correct password for a "change on first login" account, you get the
following message:

  sshd(SYSTEM): Sorry, wrong passwd
  removing root credentials would break the rpc services that
  use secure rpc on this host!
  root may use keylogout -f to do this (at your own risk)!

On the other hand, if UseLogin=yes

  telnet(SYSTEM): Sorry, wrong passwd
  Connection to srvwfs01 closed.

I'm not exactly sure which is the preferred one to use here :-)
Any recommendations?


BTW: This was with making zero changes to the Solaris 8 /etc/pam.conf



More information about the openssh-unix-dev mailing list