3.8p1 password expiry, Solaris 8

[Dmitry Berezin]

I have just tried expiring a password on Solaris 9 box running 3.8p1 and it
works with keyboard-interactive authentication, but does not work with
password authentication. If I just expire password with passwd -f, then I
simply get permission denied. If I also clear it, passwd -df, then I first
get a prompt for the password and then permission denied.

  -Dmitry.

> -----Original Message-----
> From: openssh-unix-dev-bounces+dberezin=acs.rutgers.edu at mindrot.org
> [mailto:openssh-unix-dev-bounces+dberezin=acs.rutgers.edu at mindrot.org] On
> Behalf Of Darren Tucker
> Sent: Thursday, March 18, 2004 6:16 PM
> To: Kevin Mack
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: 3.8p1 password expiry, Solaris 8
> 
> Kevin Mack wrote:
> > I can't seem to get the /etc/shadow password expiry working on
> > 3.8p1 on Solaris 8. It works fine with 3.7.1p2 and pwexp26.
> > Logins aren't affected after a 'passwd -df' or 'passwd -f'.
> [...]
> > 'ssh -V':
> > OpenSSH_3.8.p1-pwexp26, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep
> 2003
> 
> I never released a pwexp patch for 3.8p1, where did you get that?
> 
> > debug2: we sent a publickey packet, wait for reply
> > debug1: Server accepts key: pkalg ssh-dss blen 434
> 
> The password expiry code in 3.8p1 is only checked for password or
> keyboard-interactive authentications.  It does not get checked for
> public-key (or hostbased) logins.
> 
> I posted a more details explanation of the differences a while back:
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=107650523726292
> 
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>      Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev