[Bug 14] Can't change expired /etc/shadow password without PAM

Sat Feb 1 20:38:32 EST 2003

http://bugzilla.mindrot.org/show_bug.cgi?id=14

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #205 is|0                           |1
           obsolete|                            |

------- Additional Comments From dtucker at zip.com.au  2003-02-01 20:38 -------
Created an attachment (id=215)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=215&action=view)
passexpire15: removes privsep call, HP-UX support

Adds /bin/passwd-in-session password expiration support.
* configure finds passwd
* supports /etc/shadow & AIX platforms
* uses SIGUSR1 to reset forwarding flags after successful change
* warns users of impending account/password expiry
* generates and stores AIX & PrintLastLog messages before privsep split (this
also fixes bug #463).

Changes relative to previous patch:
* remove invalid privsep call
* remove HP-UX password expiry
* detects over-expired AIX password (this will cause passwd to bomb without
setting a failure code and thus let the user login)

This patch is a cleanup, I don't intend making any further changes unless a
flaw is discovered.  If it gets in and there's sufficient interest I'll look at
re-implementing the HP-UX support (which currently can only do expiry through
PAM).

The equivalent patch against 3.5p1 will be available at
http://www.zip.com.au/~dtucker/openssh/openssh-3.5p1-passexpire15.patch

I'd like to acknowledge that these patches are originally based on patches by
Pablo Sor (psor at afip gov ar) and Mark Pitt (mark.pitt at ch ibm com) and the
AIX loginsuccess() changes are based on work by Kevin Cawlfield (cawlfiel at
austin ibm com).

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.