Tru64 SIA authentication: can it be called after kerberos?
Darren Tucker
dtucker at zip.com.au
Fri Feb 6 17:20:13 EST 2004
Hi All.
There have recently (well, today :-) been changes to OpenSSH Portable's
auth-passwd.c from OpenBSD to accomodate forced changes of expired
passwords. (Rabid password expirers shoulon't get excited yet, it's
currently bsdauth only, but support for other platforms should start
trickling in shortly).
As part of that, some individual platforms have gained their own
sys_auth_passwd functions. One that hasn't yet is SIA, because it would
mean changing its behaviour to be called *after* Kerberos.
Could someone confirm that this change (the patch attached) will work
with SIA, or explain why it can't be called after Kerberos? (The patch
will apply to snapshot 20040206 or later.)
The next step is to banish the sys_auth_passwd functions to their
respective platform files, which should clean things up somewhat.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-sia-move.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040206/bd3839d2/attachment.ksh
More information about the openssh-unix-dev
mailing list