[PATCH #6] AIX password expiration
Markus Friedl
markus at openbsd.org
Tue Oct 29 01:49:29 EST 2002
On Mon, Oct 28, 2002 at 09:21:04PM +1100, Darren Tucker wrote:
> Markus Friedl wrote:
> > i don't think there is a portable way for setting
> > passwords
>
> So I've been discovering...
>
> > so making sure /usr/bin/passwd is executed
> > (no shells involved) and disallowing all other
> > channels is the only portable thing we could do.
>
> Protocol 2 requires the password to be changed before the session is
> established, and using /usr/bin/passwd would need a tty.
ok, so expired passwords will fail if a tty is not allocated.
> Are you talking about implementing a subset of "expect" or changing the
> password in the session for protocol 2 too?
i think for protocol 2 i'd rather violate the specs and allow login
with /usr/bin/passwd (and other restictions) then to add the source
for every systems /usr/bin/passwd into sshd.
especially given the size of your patch.
-m
More information about the openssh-unix-dev
mailing list