AIX patch for openssh-3.7.1p2
Matt Richards
matter at sover.net
Fri Oct 31 00:15:48 EST 2003
> I take it your issue is that your failed logins aren't being recorded
> for AFS/DFS?
>
> The call to setauthdb is needed for correct recording of successful and
> failed logins for some authentication types (eg LDAP).
>
> I can see two possibilities:
> 1) Call loginfailed (and loginsuccess) twice when the authentication DB
> isn't FILES, once with setauthdb(FILES) and once with
> setauthdb(whatever).
I misspoke. The problem actually is privilege separation and setauthdb.
setauthdb requires root; sshd is not running as root during privilege
separation, so the authentication fails.
> I can't follow the changes to configure (which is a machine-generated
> file). What is the issue with the loginfailed test? Could you post a
> patch against configure.ac, which is what autoconf uses to generate
> configure? (preferably "diff -u").
The problem here is the configure test of:
#ifndef loginfailed
char *p = (char *) loginfailed;
#endif
loginfailed is not defined by the compiler and is picked up during the
linking phase. The patch that I put in tests the linking phase rather
than the compiling phase. The code above will always fail on AIX.
> Any particular reason you added wtmp?
AIX has an odd setup for wtmp. I originally patched the 1.2.27 version of
ssh to use AIX's loginsuccess and loginfailed which will take care of
wtmp and lastlog. It seems that openssh-3.7.1 changed it and put it under
the CUSTOM_FAILED_LOGIN define. Defining CUSTOM_FAILED_LOGIN works for this
version.
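
The compile-phase versus link-phase distinction discussed above, written as a configure.ac fragment with both probes side by side. This is an added example, not the patch from this thread and not OpenSSH's own configure.ac; it assumes loginfailed is declared in <usersec.h>, and the ex_* variables and EX_HAVE_LOGINFAILED are hypothetical names.

```m4
dnl Added example; ex_decl, ex_link and EX_HAVE_LOGINFAILED are
dnl hypothetical names, and <usersec.h> is an assumed header location.

dnl Compile-phase probe. A declaration check only compiles a test body
dnl of the kind quoted in the message, so it succeeds only when the
dnl included headers make loginfailed visible to the compiler.
AC_CHECK_DECL([loginfailed], [ex_decl=yes], [ex_decl=no],
    [#include <usersec.h>])

dnl Link-phase probe. The test program supplies its own prototype, so
dnl the result depends only on whether the linker can resolve the symbol
dnl from the libraries on the link line.
AC_MSG_CHECKING([whether loginfailed can be linked])
AC_LINK_IFELSE(
    [AC_LANG_PROGRAM([[char loginfailed ();]],
                     [[return loginfailed ();]])],
    [ex_link=yes], [ex_link=no])
AC_MSG_RESULT([$ex_link])

if test "x$ex_link" = "xyes"; then
    AC_DEFINE([EX_HAVE_LOGINFAILED], [1],
        [Define if loginfailed is available at link time])
    dnl Surface the disagreement between the two probes instead of
    dnl silently disabling failed-login recording.
    if test "x$ex_decl" = "xno"; then
        AC_MSG_WARN([loginfailed links but is not declared by usersec.h])
    fi
fi
```

When the two probes disagree, config.log keeps the failing test program and the compiler output for each, which shows which phase rejected the symbol.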