Call for testing for 3.6: password expiry?
Jeff Koenig
Jeff.Koenig at experian.com
Sat Mar 22 03:15:48 EST 2003
Why are password expiring and BSM support not in the code by now? People have been talking about these since before 3.5p1? At least, can't they be added and just not on by default? Like having a --password_expire and --bsm_support or something?
I don't understand why password expiry and BSM auditing support are not a higher priority. I would think a lot of companies are required to use these features. Is the patch code just not tested enough or something?
I'm just a little frustrated.
Anyway, thanks for all the work you guys have done so far, by the way.
Jeff
>>> Ben Lindstrom <mouring at etoh.eviladmin.org> 03/19/03 09:46PM >>>
That's nice.. problem is when we normally call for testing.. It means NO
NEW FEATURES. As in *RELEASE SOON*...
Sorry folks.. These won't be in 3.6.
- Ben
On Wed, 19 Mar 2003 hayward at slothmud.org wrote:
>
> I would like to see the expiry patch in as well. We use OpenSSH across a
> large corporation, with thousands of servers (Solaris, AIX, HP, etc) Our
> policies require password expiry... What's the point of SSH if you have
> to use telnet to change your password after it expires...? :-)
>
> Thanks for the consideration,
> Brian Hayward
>
>
> >I have tried this patch (against 3.5p1) and would very much like it to be in the OpenSSH 3.6p1 release, if possible:
> >http://bugzilla.mindrot.org/show_bug.cgi?id=14
> >
> >On that note, I'd like the Sun BSM patch to be included also, if possible. I have it working applied to 3.5p1:
> >http://bugzilla.mindrot.org/show_bug.cgi?id=125
> >
> >In fact, both patches work together, apparently.
> >
> >If I have any issues, I'll post them here.
> >
> >Jeff Koenig
> >
> >>>> Darren Tucker <dtucker at zip.com.au> 03/07/03 12:55AM >>>
> >Hi again.
> >
> >Ben Lindstrom wrote:
> >> So if you have any patches you need to ensure your platform works speak
> >> up. We are looking at a lock on the 17th.
> >
> >There's a couple of patches in Bugzilla that relate to my pet project:
> >
> >Bugzilla Bug 14: Can't change expired /etc/shadow password without PAM
> >http://bugzilla.mindrot.org/attachment.cgi?id=240&action=view
> >
> >Bugzilla Bug 463: PrintLastLog doesn't work in privsep mode
> >http://bugzilla.mindrot.org/attachment.cgi?id=235&action=view
> >
> >There is some overlap between the two patches and they're out of sync
> >with each other.
> >
> >Can I please get someone to review these and let me know if they're
> >suitable for inclusion in 3.6p1? The expiry patches have been pretty
> >heavily tested (nearly 800 downloads of the patch). I've had about a
> >dozen reports of problems, all of which have been resolved (mostly
> >configuring with pam when it wasn't supported, a couple of genuine
> >problems and a couple of cases of pilot error).
> >
> >If they are likely to go in, please let me know what you'd like done
> >with them (eg, merge them into a single patch or make 2 "stacked"
> >patches to be applied sequentially, and particularly what if anything
> >should be done with the interaction with do_pam_chauthtok).
> >
> >
>
> --
> Brian Hayward
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list