[PATCH #6] AIX password expiration

Ben Lindstrom mouring at etoh.eviladmin.org
Mon Oct 28 15:53:43 EST 2002


Ok.. I've spent some time convert this to OpenBSD (still mucking with
bsd_auth.  It is not being friendly to me. =).

A few things.

1. How many UNIXes actually say 'expired' vs 'force changed'?  Solaris
does not.  I'd perfer to drop (in the ported code I have) unless there is
a good reason.

2. For userath_passwd()  can we simplify the code down to:

[..]
        packet_check_eom();
-       if (authctxt->valid &&
-           PRIVSEP(auth_password(authctxt, password)) == 1)
-               authenticated = 1;
+       if (authctxt->valid) {
+               authenticated = PRIVSEP(auth_password(authctxt, password));
+               if (change) {
[..]

Note: I'm using the original 'change' variable and this is the OpenBSD
code so the Cygwin bit would be in there.


What I'm doing is this.  I'm splitting the patch into v2 (against
OpenBSD), v1 (against OpenBSD) and AIX only.  I'm done with the v2 part
except to get bsd_auth to tell me expired vs invalid/locked account.
<sigh>  Really need to find a tutorial on bsd_auth.

- Ben

On Sun, 27 Oct 2002, Darren Tucker wrote:

> Darren Tucker wrote:
> > I had trouble with monitor dropping out of its initial loop too early,
> > hopefully I've got that right now.
>
> I didn't. I broke protocol 1. Fixed in this patch. (Really!) I also
> added code to set the expire flag from the shadow although this won't
> work yet.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.




More information about the openssh-unix-dev mailing list