Test for locked account in auth.c (bug #442).

Darren Tucker dtucker at zip.com.au
Wed Jan 15 16:30:41 EST 2003


Kevin Steves wrote:
> i see with 11i 1.6 there's a way to do /etc/shadow which adds another
> mode.
> http://devrsrc1.external.hp.com/STK/impacts/i833.html

I had a quick read of that and I think that case is covered by the existing
getspnam() call in the shadow expiry handling.

The thing I'm currently puzzling over is: is it sane to support multiple
expiry schemes in a single binary?

Example: HP-UX 11.00 box, you need to use passwd->pw_age or
pr_passwd->ufld.fd_* depending on whether or not the system is in
trusted mode (ie depending on what iscomsec() returns).  In fact, I
think the way to do it is just check the result of the call (eg
getspnam/getprpwnam) and ignore it if it fails.

It would be nice if the sshd just did the right thing no matter what
mode the box is in (but that means linking with -lsec all the time, is
that a big deal?).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
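
An added illustration, not code from this thread or from OpenSSH: the "check the result of the call and ignore it if it fails" approach, applied to shadow(5) entries on a system that provides <shadow.h>. The names acct_state, shadow_state and account_state are hypothetical, and the values in main() are constructed.

```c
#include <shadow.h>
#include <stdio.h>
#include <time.h>

#define DAY (24L * 60 * 60)

/* Hypothetical result type: ACCT_NA means "this scheme had no entry". */
enum acct_state { ACCT_NA, ACCT_OK, ACCT_EXPIRED, PASSWD_EXPIRED };

/* Evaluate one shadow entry. A NULL entry (failed lookup) is not an
 * error: the scheme is simply skipped, as the message proposes. */
enum acct_state shadow_state(const struct spwd *sp, time_t now)
{
    long today = (long)(now / DAY);

    if (sp == NULL)
        return ACCT_NA;
    /* sp_expire: account expiry in days since the epoch, -1 if unset. */
    if (sp->sp_expire > 0 && today >= sp->sp_expire)
        return ACCT_EXPIRED;
    /* sp_lstchg + sp_max: last change plus maximum password age. */
    if (sp->sp_lstchg > 0 && sp->sp_max > 0 &&
        today > sp->sp_lstchg + sp->sp_max)
        return PASSWD_EXPIRED;
    return ACCT_OK;
}

/* Try each scheme in turn; the first one that has an entry decides. */
enum acct_state account_state(const char *user, time_t now)
{
    enum acct_state st = shadow_state(getspnam(user), now);

    if (st != ACCT_NA)
        return st;
    /* A second lookup (the trusted-mode one on HP-UX) would be tried
     * here in the same way. getspnam() also returns NULL when the
     * caller may not read the shadow file, so ACCT_NA must not be
     * logged or treated as "verified not expired". */
    return ACCT_NA;
}

int main(void)
{
    struct spwd sp = { .sp_expire = 10, .sp_lstchg = -1, .sp_max = -1 }; /* constructed */

    printf("expired entry: %d\n", shadow_state(&sp, 20 * DAY));
    printf("missing user:  %d\n", account_state("no-such-user", time(NULL)));
    return 0;
}
```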




More information about the openssh-unix-dev mailing list