[PATCH #6] AIX password expiration
Ben Lindstrom
mouring at etoh.eviladmin.org
Tue Oct 29 02:00:05 EST 2002
On Mon, 28 Oct 2002, Markus Friedl wrote:
[..]
> > Are you talking about implementing a subset of "expect" or changing the
> > password in the session for protocol 2 too?
>
> i think for protocol 2 i'd rather violate the specs and allow login
> with /usr/bin/passwd (and other restictions) then to add the source
> for every systems /usr/bin/passwd into sshd.
>
> especially given the size of your patch.
>
Remember we still will have to check for expiring on every platform on
earth. So the portable version of the patch will be large at the onset.
Not sure about violating the specs. The only valid reason for supporting
the specs in this case is to lessen the chance of timing attacks which
people are now so keen on exploring with SSH v2 protocol. Not sure if
that outwieghts implementation details or not, but I'd like to see if
there is a way to support the specs before we go off on our own.
- Ben
More information about the openssh-unix-dev
mailing list