Call for testing for 3.6: password expiry?

[Damien Miller]

Jeff Koenig wrote:
> Why are password expiring and BSM support not in the code by 
> now?  People have been talking about these since before 3.5p1?  

Because we didn't get time to get them understand them + get them to a point where we are comfortable with them + merge them in time.

> At least, can't they be added and just not on by default?  
> Like having a --password_expire and --bsm_support or something?

No, we don't want more compile-time options. We have way too many #ifdefs already.

> I'm just a little frustrated.

So are we, do you think that we _like_ having open bug reports (especially ones with reasonable patches)? 

[I refer more to the password expiry issue than BSM auditing, which I haven't looked into at all. Password expiry is a higher priority as it affects everyone.]

This is my TODO list for the next release:

1. Merge improved PAM code from FreeBSD
2. Password expiry (using /usr/bin/passwd)
3. Rewrite sftp progressmeter support (make it a callback, rather than signal-triggered)
4. Ressurect my KeyNote patches
5. Implement new draft-secsh-filexfer stuff

I'll leave BSM to someone with more consistent access to Solaris platforms.

-d