Password expiry in auth-krb5.c
James F.Hranicky
jfh at cise.ufl.edu
Thu Mar 27 04:32:45 EST 2003
Due to difficulties in getting PAM (with krb5) password expiry working
consistently on multiple platforms, I'd like to see if I could hack
something into auth-krb5.c to do so.
Here's a backtrace when stopped in auth_krb5_password:
#0 auth_krb5_password (authctxt=0x8e148, password=0x90250 "XXXXXXXX") at auth-krb5.c:270
#1 0x274d8 in auth_password (authctxt=0x8e148, password=0x90250 "XXXXXXXX") at auth-passwd.c:140
#2 0x380fc in mm_answer_authpassword (socket=9, m=0xffbeef28) at monitor.c:608
#3 0x376c4 in monitor_read (pmonitor=0x8bec0, ent=0x84150, pent=0xffbeefbc) at monitor.c:371
#4 0x37244 in monitor_child_preauth (pmonitor=0x8bec0) at monitor.c:280
#5 0x1aaac in privsep_preauth () at sshd.c:603
#6 0x1d45c in main (ac=3, av=0xffbefaac) at sshd.c:1497
At first, I simply tried to add the stock Kerberos prompter to
krb5_get_init_creds_password:
problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds,
authctxt->krb5_user, (char *)password, krb5_prompter_posix, NULL, 0, NULL, NULL);
however, this returned KRB5_LIBOS_CANTREADPWD due to the fact that fds 0 and
1 are closed and not connected to a socket.
More information about the openssh-unix-dev
mailing list