Bug Report

Darren Tucker dtucker at zip.com.au
Fri Dec 3 11:59:32 EST 2004

Kantor, Harry S CIV NAVSURFWARCEN CSS, 376 / 110E wrote:
> I am running OpenSSH_3.7.1p2 on an HPUX 10.10 operating system.

Wow, I haven't seen that HP-UX version in a long time.

> I  recently converted my OS to a trusted system, which, among other things,
> shadows passwords in the /etc/passwd file. In order to shadow the user
> passwords, a '*' character is used. Unfortunately, the documentation for
> sshd states that, for HP operating systems, a '*' character in the
> /etc/passwd file is a sign that the user's account is locked out of ssh
> logins.

To work around the problem, comment out the LOCKED_PASSWD_STRING line in 
config.h after running configure but before running make.

I think newer versions of OpenSSH will work OK: we changed sshd so it 
would always use the shadow functions on HP-UX if they're available, and 
getspnam() should return the correct password from /tcb/* rather than 
/etc/passwd, and thus won't have this problem.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list