Problem found in OpenSSH 3.7.1p2 with OpenSSL 0.9.7c installation on HP-UX11.0

Nick_Chi at manulife.com
Mon Nov 3 15:29:22 EST 2003


Hi all,

I found that OpenSSL 3.7.1p2 has a problem with the PAM (HP-UX) system (with
the setting of account deactivation after 3 invalid login attempts).

If a user enters a wrong password more than twice through SSH, his/her account
will not be deactivated.

If a user enters a wrong password more than twice through FTP, his/her account
will be deactivated. However, only further FTP sessions are blocked. An SSH
session can be established even when the account is deactivated.

Besides, if I deactivate an account through SAM, both new FTP and SSH sessions
will be blocked.

I checked that there is no such problem in OpenSSH 3.4p1.

Any comments / suggestions?

Thanks.

Best Regards,

Nick CHI
Regional Technology Team,
Regional I.T.,
I.T. Asia,
Manulife International Limited
Tel: (852) 2510 3273
Fax: (852) 2510 0244
Email: Nick_Chi at manulife.com


More information about the openssh-unix-dev mailing list