openssh-3.6.1p2-passexpire20.patch prevents /etc/nologin display on AIX
Elwell, AD (Andrew)
A.D.Elwell at dl.ac.uk
Wed Jun 25 20:17:15 EST 2003
Hi there,
I have just compiled up 3.6.1p2 both with and without Darren Tucker's
passexpire patch.
However, with the patch applied /etc/nologin isn't displayed to users (on
AIX 5.1 / PSSP)
The patched version seems to fail with "illegal user" - some parts of a debug
3 log...
debug1: userauth-request for user ade45 service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 6
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: monitor_read: checking request 6
debug3: mm_request_receive_expect entering: type 7
debug3: mm_answer_pwnamallow
debug3: mm_request_receive entering
Login restricted for ade45: this is a test
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 0
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
input_userauth_request: illegal user ade45
debug3: mm_request_receive entering
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug2: input_userauth_request: try method none
whereas the unpatched one goes...
debug1: userauth-request for user ade45 service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 6
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 7
debug3: mm_request_receive entering
Login restricted for ade45: testing in progress
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug2: input_userauth_request: setting up authctxt for ade45
debug3: mm_request_receive entering
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug2: input_userauth_request: try method none
We have a dodgy workaround for this (touch /etc/nologin and update the sshd
banner if we're doing maintenance) but it would be nice to have.
A more pressing need is for us to be able to cope with changing the user's
password on another box. (we use PSSP on a large cluster) hmm, some hacking
of /bin/passwd might be called for...
Andrew
--
Andrew Elwell <A.D.Elwell at dl.ac.uk>
Room A20, Daresbury Laboratory,
Keckwick Lane, Daresbury, WARRINGTON, WA4 4AD
Tel: +44 (0)1925 603966
Mob: +44 (0)7890 249969
Pager: 08700 555500 [883616]