Portable openssh integration with PAM on HP-UX 11.X Trusted System
dknodel at csc.com.au
dknodel at csc.com.au
Thu Sep 26 12:00:20 EST 2002
Hi.
I was wondering a couple things relating to PAM authentication:
1. I found that expired passwords caused authentication failure, rather
than the expected behaviour of forcing a paswword change. After perusing
the auth-pam.c file (as it appears in openssh-3.4p1), I found that the
reason is that the case for the relevant return value (PAM_AUTHTOKEN_REQD)
from pam_acct_mgmt is wrapped with "#if 0 ... #endif"; does this mean
that handling for it is essentially there, and will be enabled soon when
it's all in & tested, or have I missed a configuration step that I
should've performed to enable it?
2. If a user's password is about to expire (interval configured with
u_pw_expire_warning from prpwd(4) in Trusted systems), they receive a
little message to that effect (apparently spat out by login(1)). Is there
a PAM-related function that can do this (that can be invoked by sshd), or
is it a HP-UX trusted-system related step that would have to be handled
directly (eg. via the getprpwnam function, and doing a little calculation)?
Any information you've got will be greatly appreciated...
Cheers,
David Knodel
__________________________________________________
CSC
Ph: 08 9429 6424 Email: dknodel at csc.com.au
----------------------------------------------------------------------------------------
More information about the openssh-unix-dev
mailing list