Problem found in OpenSSH 3.7.1p2 with OpenSSL 0.9.7c installation on HP-UX11.0

The Alchemist nospam at magestower.net
Thu Nov 6 23:59:42 EST 2003


*This message was transferred with a trial version of CommuniGate(tm) Pro*
Are you using Darren's HP patches?  Also, are these trusted or untrusted 
configurations?

Nick_Chi at manulife.com wrote:

>*This message was transferred with a trial version of CommuniGate(tm) Pro*
>Hi all,
>
>I found that OpenSSL 3.7.1p2 has problem with PAM (HP-UX) system (with
>setting of account deacticating by 3 invalid login attempts).
>
>User enters wrong password more than twice through SSH, his/her account
>will not be deactivated.
>
>User enters wrong password more than twice through FTP, his/her account
>will be deactivated . However, only further FTP session is blocked. SSH
>session can be established even the account is deactivated.
>
>Besides, I deactivate an account through SAM, both new FTP and SSH sessions
>will be blocked.
>
>I check that there is no such problem in OpenSSH 3.4p1.
>
>Any comments / suggestions?
>
>Thanks.
>
>Best Regards,
>
>Nick CHI
>Regional Technology Team,
>Regional I.T.,
>I.T. Asia,
>Manulife International Limited
>Tel: (852) 2510 3273
>Fax: (852) 2510 0244
>Email: Nick_Chi at manulife.com
>
>==========================================================
>
>This message is confidential and may also be privileged.  If you are not
>the intended recipient, please notify me by return e-mail and delete this
>message from your system.  If you are not the intended recipient, any use
>by you of this message is strictly prohibited.
>
>
>_______________________________________________
>openssh-unix-dev mailing list
>openssh-unix-dev at mindrot.org
>http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>  
>





More information about the openssh-unix-dev mailing list