[PATCH] AIX password expiration (via passwd)
Darren Tucker
dtucker at zip.com.au
Thu Oct 31 13:11:51 EST 2002
Ben Lindstrom wrote:
> Looks like what I was working on. The only thing that one may need to
> worry about is if you are on systems like OpenBSD or PAM w/ cracklib it
> may return comments like:
[snip]
> Would be nice to return that to the end user. Just not sure how
> pratical. It is already black magic depending on /usr/bin/passwd.
And once it tries to handle all of those things, timing problems and
other system-dependant wierdness all in one change_password function,
what are the odds of it ending up bigger, uglier and flakier than the
sum of [aix|shadow|pam]_change_password?
FWIW, my preference is currently:
1) *_change_password via PASSWD_CHANGEREQ for proto 2, passwd in session
for proto 1
2) exec passwd in session for both
3) passwd in pty via PASSWD_CHANGEREQ for proto 2, passwd in session for
proto 1
Apart from AIX, /etc/shadow and PAM based systems, what other password
expiry schemes are there?
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list