[PATCH] AIX password expiration (via passwd)

Darren Tucker dtucker at zip.com.au
Thu Oct 31 13:11:51 EST 2002


Ben Lindstrom wrote:
> Looks like what I was working on.  The only thing that one may need to
> worry about is if you are on systems like OpenBSD or PAM w/ cracklib it
> may return comments like:
[snip]
> Would be nice to return that to the end user.    Just not sure how
> pratical.  It is already black magic depending on /usr/bin/passwd.

And once it tries to handle all of those things, timing problems and
other system-dependant wierdness all in one change_password function,
what are the odds of it ending up bigger, uglier and flakier than the
sum of [aix|shadow|pam]_change_password?

FWIW, my preference is currently:
1) *_change_password via PASSWD_CHANGEREQ for proto 2, passwd in session
for proto 1
2) exec passwd in session for both
3) passwd in pty via PASSWD_CHANGEREQ for proto 2, passwd in session for
proto 1

Apart from AIX, /etc/shadow and PAM based systems, what other password
expiry schemes are there?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



More information about the openssh-unix-dev mailing list