[PATCH] AIX password expiration (via passwd)

Ben Lindstrom mouring at etoh.eviladmin.org
Thu Oct 31 12:07:09 EST 2002


Looks like what I was working on.  The only thing that one may need to
worry about is if you are on systems like OpenBSD or PAM w/ cracklib it
may return comments like:

"Please enter a longer password."
"Please don't use all-digit passwords.\nUnusual capitalization, control
characters or digits are suggested."

or the evil one from VAX that goes like:

"You are not allow to reuse old passwords for XX days."

or

"Password to close to an old password.  Must be at least two characters
different."

Would be nice to return that to the end user.    Just not sure how
practical.  It is already black magic depending on /usr/bin/passwd.

- Ben


On Wed, 30 Oct 2002, Darren Tucker wrote:

> Ben Lindstrom wrote:
> > Forking off a connection to /usr/bin/passwd and writing a C script to
> > automate changing password.  I just think it will be a pain.
>
> I'm not sure how this should be done, but I didn't let that stop me :-).
>
> This patch is an experiment with allocating a pty, forking off
> /usr/bin/passwd and changing the password via it for protocol 2. It's
> stupidly simplistic.
>
> It currently works on AIX without privsep. It core dumps with privsep
> and I don't know why.
>
> Is it worth pursuing this or should I cut my losses and go back to
> spawning passwd in the session for protocol 2?
>
> Incidentally, the shadow password changing in patch #7 has been reported
> to work on UnixWare 2.1.3 as-is (in addition to Solaris and Redhat
> previously tested).
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.

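The thread above turns on running passwd on a pty and on what to do with the free-form text it prints. The following is an added example, not code from Darren's patch or from OpenSSH, that captures whatever the child writes together with its exit status so the text can be passed back to the user verbatim. `run_on_pty` and `FAKE_PASSWD` are hypothetical names, a constructed shell one-liner stands in for /usr/bin/passwd, and Linux/glibc `openpty()` is assumed.

```c
#include <pty.h>            /* openpty(); assumes Linux/glibc */
#include <string.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <termios.h>
#include <unistd.h>

/* Constructed stand-in for /usr/bin/passwd: rejects passwords under 8 chars. */
static char *const FAKE_PASSWD[] = { "/bin/sh", "-c",
    "read pw; [ ${#pw} -ge 8 ] && exit 0; "
    "echo 'Please enter a longer password.'; exit 1", NULL };

/* Run argv on a new pty, send input, collect what the child prints in msg.
 * Returns the child's exit status, or -1 on failure (hypothetical helper). */
int run_on_pty(char *const argv[], const char *input, char *msg, size_t cap)
{
    struct termios tio;
    int m, s, status;
    size_t len = 0;
    ssize_t n;
    pid_t pid;

    if (cap == 0 || openpty(&m, &s, NULL, NULL, NULL) == -1)
        return -1;
    tcgetattr(s, &tio);
    tio.c_lflag &= ~(tcflag_t)ECHO;    /* keep the typed password out of msg */
    tio.c_oflag &= ~(tcflag_t)OPOST;   /* no "\n" -> "\r\n" rewriting */
    tcsetattr(s, TCSANOW, &tio);
    if ((pid = fork()) == -1) { close(m); close(s); return -1; }
    if (pid == 0) {
        close(m);
        setsid();                      /* new session, then make the pty */
        ioctl(s, TIOCSCTTY, 0);        /* its controlling terminal */
        dup2(s, 0); dup2(s, 1); dup2(s, 2);
        if (s > 2) close(s);
        execv(argv[0], argv);
        _exit(127);
    }
    close(s);                          /* parent must drop the slave to see hangup */
    n = write(m, input, strlen(input));
    while (len < cap - 1 && (n = read(m, msg + len, cap - 1 - len)) > 0)
        len += (size_t)n;              /* stops at EOF, or EIO on Linux */
    msg[len] = '\0';
    close(m);                          /* hangs up a child that is still writing */
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The caller never matches on the wording of the message: a non-zero status means the change was refused, and `msg` holds whatever explanation the platform's passwd gave.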


