[PATCH] Password expiry merge (AIX parts)
Darren Tucker
dtucker at zip.com.au
Wed Jul 30 18:25:06 EST 2003
Ben Lindstrom wrote:
> Please remove the one inside the WITH_AIXAUTHENTICATE. And I assume your
> pulling them back out for the generalization for all platforms.
Whoops, missed that one while merging. Yes, it should be generic, will
fix.
> in auth.c you make the comment "if not running as root don't check because
> the unpriv'd does not have rights to /etc/[..]".
>
> Does that mean with PrivSep inplace that code will never be ran? If so
> why? and is it not important?
allowed_user is called by the monitor with privsep on, so the tests are
done with or without it. The main reason for the uid==0 test is so the
regression tests work, but someone might want to run sshd as a normal user
for some other reason.
> On Wed, 30 Jul 2003, Darren Tucker wrote:
[snip]
> If it makes sense and can clean up code please move the AIX code. =)
OK, I'll try moving the AIX bits and see how it looks.
> I'd like to see the change password code go upstream before integrated in
> our tree.
I didn't realise it needed to go upstream. Should I be doing a patch for
the OpenBSD tree? I got no response to my last OpenBSD-only
expiry-related patch (see bug #463).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list