[PATCH] AIX password expiration (via passwd)

Tim Rice tim at multitalents.net
Thu Oct 31 13:24:27 EST 2002


And then there is the problem that on some systems it's /bin/passwd
on others /usr/bin/passwd

On Wed, 30 Oct 2002, Ben Lindstrom wrote:

>
> Looks like what I was working on.  The only thing that one may need to
> worry about is if you are on systems like OpenBSD or PAM w/ cracklib it
> may return comments like:
>
> "Please enter a longer password."
> "Please don't use all-digit passwords.\nUnusual capitalization, control
> chataracters or digits are suggsted."
>
> or the evil one from VAX that goes like:
>
> "You are not allow to reuse old passwords for XX days."
>
> or
>
> "Password to close to an old password.  Must be at least two characters
> different."
>
> Would be nice to return that to the end user.    Just not sure how
> pratical.  It is already black magic depending on /usr/bin/passwd.
>
> - Ben
>
>
> On Wed, 30 Oct 2002, Darren Tucker wrote:
>
> > Ben Lindstrom wrote:
> > > Forking off a connection to /usr/bin/passwd and writing a C script to
> > > automate changing password.  I just think it will be a pain.
> >
> > I'm not sure how this should be done, but I didn't let that stop me :-).
> >
> > This patch is an experiment with allocating a pty, forking off
> > /usr/bin/passwd and changing the password via it for protocol 2. It's
> > stupidly simplistic.
> >
> > It currently works on AIX without privsep. It core dumps with privsep
> > and I don't know why.
> >
> > Is it worth persuing this or should I cut my losses and go back to
> > spawning passwd in the session for protocol 2?
> >
> > Incidentally, the shadow password changing in patch #7 has been reported
> > to work on UnixWare 2.1.3 as-is (in addition to Solaris and Redhat
> > previously tested).
> >
> > --
> > Darren Tucker (dtucker at zip.com.au)
> > GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
> >     Good judgement comes with experience. Unfortunately, the experience
> > usually comes from bad judgement.
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>

-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net





More information about the openssh-unix-dev mailing list