Problem found in OpenSSH 3.7.1p2 with OpenSSL 0.9.7c installation on HP-UX11.0
Nick_Chi at manulife.com
Nick_Chi at manulife.com
Mon Nov 3 15:29:22 EST 2003
Hi all,
I found that OpenSSL 3.7.1p2 has problem with PAM (HP-UX) system (with
setting of account deacticating by 3 invalid login attempts).
User enters wrong password more than twice through SSH, his/her account
will not be deactivated.
User enters wrong password more than twice through FTP, his/her account
will be deactivated . However, only further FTP session is blocked. SSH
session can be established even the account is deactivated.
Besides, I deactivate an account through SAM, both new FTP and SSH sessions
will be blocked.
I check that there is no such problem in OpenSSH 3.4p1.
Any comments / suggestions?
Thanks.
Best Regards,
Nick CHI
Regional Technology Team,
Regional I.T.,
I.T. Asia,
Manulife International Limited
Tel: (852) 2510 3273
Fax: (852) 2510 0244
Email: Nick_Chi at manulife.com
==========================================================
This message is confidential and may also be privileged. If you are not
the intended recipient, please notify me by return e-mail and delete this
message from your system. If you are not the intended recipient, any use
by you of this message is strictly prohibited.
More information about the openssh-unix-dev
mailing list