OpenSSH 3.7.1p2 with OpenSSL 0.9.7c installation on HP-UX 11.0enquiry?
Darren Tucker
dtucker at zip.com.au
Fri Oct 3 19:19:46 EST 2003
Nick_Chi at manulife.com wrote:
> I can install OpenSSH 3.7.1p2 with OpenSSL 0.9.7c on HP-UX 11.0 without
> problem.
> However, I find that all valid accounts are treated as "locked" (even
> specify "AllowUsers USER1" in sshd_config) and can't make SSH connection to
> the server.
>
> Here is the message shown in syslog.log.
>
> Oct 3 16:49:17 SERVER_NAME sshd[12994]: User USER1 not allowed because
> account is locked
> Oct 3 16:49:21 SERVER_NAME sshd[12993]: Connection closed by
> CLIENT_IP_ADDRESS
> Oct 3 16:49:22 SERVER_NAME sshd[12994]: Failed password for illegal user
> USER1 from CLIENT_IP_ADDRESS port CLIENT_PORT
Try a snapshot (but avoid 20031002 as PAM is broken), as this has been
fixed. You may also have a problem with sshd claiming that the password
is expired, you can apply this patch for that.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
Index: auth.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v
retrieving revision 1.77
diff -u -p -r1.77 auth.c
--- auth.c 2 Sep 2003 21:32:46 -0000 1.77
+++ auth.c 3 Oct 2003 03:31:46 -0000
@@ -112,7 +112,7 @@ allowed_user(struct passwd * pw)
return 0;
}
- if (spw->sp_max != -1 &&
+ if (spw->sp_max != -1 && spw->sp_max != 0 &&
today > spw->sp_lstchg + spw->sp_max) {
logit("User %.100s password has expired (password aged)",
pw->pw_name);
More information about the openssh-unix-dev
mailing list