[PATCH #6] AIX password expiration

Markus Friedl markus at openbsd.org
Tue Oct 29 01:49:29 EST 2002


On Mon, Oct 28, 2002 at 09:21:04PM +1100, Darren Tucker wrote:
> Markus Friedl wrote:
> > i don't think there is a portable way for setting
> > passwords
> 
> So I've been discovering...
> 
> > so making sure /usr/bin/passwd is executed
> > (no shells involved) and disallowing all other
> > channels is the only portable thing we could do.
> 
> Protocol 2 requires the password to be changed before the session is
> established, and using /usr/bin/passwd would need a tty.

ok, so expired passwords will fail if a tty is not allocated.

> Are you talking about implementing a subset of "expect" or changing the
> password in the session for protocol 2 too?

i think for protocol 2 i'd rather violate the specs and allow login
with /usr/bin/passwd (and other restrictions) than to add the source
for every system's /usr/bin/passwd into sshd.

especially given the size of your patch.

-m


