Password expiry in auth-krb5.c

James F.Hranicky jfh at
Thu Mar 27 04:32:45 EST 2003

Due to difficulties in getting PAM (with krb5) password expiry working
consistently on multiple platforms, I'd like to see if I could hack 
something into auth-krb5.c to do so.

Here's a backtrace when stopped in auth_krb5_password:

#0  auth_krb5_password (authctxt=0x8e148, password=0x90250 "XXXXXXXX") at auth-krb5.c:270
#1  0x274d8 in auth_password (authctxt=0x8e148, password=0x90250 "XXXXXXXX") at auth-passwd.c:140
#2  0x380fc in mm_answer_authpassword (socket=9, m=0xffbeef28) at monitor.c:608
#3  0x376c4 in monitor_read (pmonitor=0x8bec0, ent=0x84150, pent=0xffbeefbc) at monitor.c:371
#4  0x37244 in monitor_child_preauth (pmonitor=0x8bec0) at monitor.c:280
#5  0x1aaac in privsep_preauth () at sshd.c:603
#6  0x1d45c in main (ac=3, av=0xffbefaac) at sshd.c:1497

At first, I simply tried to add the stock Kerberos prompter to 

  problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds,
      authctxt->krb5_user, (char *)password, krb5_prompter_posix, NULL, 0, NULL, NULL);

however, this returned KRB5_LIBOS_CANTREADPWD due to the fact that fds 0 and
1 are closed and not connected to a socket.

More information about the openssh-unix-dev mailing list