3.8p1 password expiry, Solaris 8

Dmitry Berezin dberezin at acs.rutgers.edu
Fri Mar 19 11:02:33 EST 2004


Oops, bad test. (I must have forgotten to restart sshd after making changes
to sshd_config.) Here are the correct results: after running passwd -f, I get
a prompt for the password and after typing the correct password, I get
"Connection closed by <server ip>". Using passwd -df simply results in three
prompts for the password and permission denied after that (this must be the
result of PermitEmptyPasswords=no).

  -Dmitry.

> -----Original Message-----
> From: openssh-unix-dev-bounces+dberezin=acs.rutgers.edu at mindrot.org
> [mailto:openssh-unix-dev-bounces+dberezin=acs.rutgers.edu at mindrot.org] On
> Behalf Of Dmitry Berezin
> Sent: Thursday, March 18, 2004 6:51 PM
> To: 'Darren Tucker'; 'Kevin Mack'
> Cc: openssh-unix-dev at mindrot.org
> Subject: RE: 3.8p1 password expiry, Solaris 8
> 
> I have just tried expiring a password on a Solaris 9 box running 3.8p1 and it
> works with keyboard-interactive authentication, but does not work with
> password authentication. If I just expire the password with passwd -f, then I
> simply get permission denied. If I also clear it, passwd -df, then I first
> get a prompt for the password and then permission denied.
> 
>   -Dmitry.
> 
> > -----Original Message-----
> > From: openssh-unix-dev-bounces+dberezin=acs.rutgers.edu at mindrot.org
> > [mailto:openssh-unix-dev-bounces+dberezin=acs.rutgers.edu at mindrot.org] On
> > Behalf Of Darren Tucker
> > Sent: Thursday, March 18, 2004 6:16 PM
> > To: Kevin Mack
> > Cc: openssh-unix-dev at mindrot.org
> > Subject: Re: 3.8p1 password expiry, Solaris 8
> >
> > Kevin Mack wrote:
> > > I can't seem to get the /etc/shadow password expiry working on
> > > 3.8p1 on Solaris 8. It works fine with 3.7.1p2 and pwexp26.
> > > Logins aren't affected after a 'passwd -df' or 'passwd -f'.
> > [...]
> > > 'ssh -V':
> > > OpenSSH_3.8.p1-pwexp26, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
> >
> > I never released a pwexp patch for 3.8p1, where did you get that?
> >
> > > debug2: we sent a publickey packet, wait for reply
> > > debug1: Server accepts key: pkalg ssh-dss blen 434
> >
> > The password expiry code in 3.8p1 is only checked for password or
> > keyboard-interactive authentications.  It does not get checked for
> > public-key (or hostbased) logins.
> >
> > I posted a more detailed explanation of the differences a while back:
> > http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=107650523726292
> >
> > --
> > Darren Tucker (dtucker at zip.com.au)
> > GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
> >      Good judgement comes with experience. Unfortunately, the experience
> > usually comes from bad judgement.
> >
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
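
An audit for the gap described in the thread above, where expiry is checked only for password and keyboard-interactive logins and not for public-key logins. This is an added example, not part of the original messages: it reads shadow-format lines and lists accounts whose password state is expired or cleared but which also have public keys installed. It assumes `passwd -f` leaves the last-change field at 0; the sample entries, the key-holder set and the function names are constructed for illustration.

```python
from datetime import date

# Constructed sample in shadow(4) layout: name:passwd:lastchg:min:max:warn:inactive:expire:flag
SAMPLE_SHADOW = """\
alice:$1$constructed$hashAAAA:12450:0:90:7:::
bob:$1$constructed$hashBBBB:0:0:90:7:::
carol::0::::::
dave:$1$constructed$hashDDDD:12300:0:60:7:::
erin:*LK*:12450::::::
gina:$1$constructed$hashGGGG:0:0:90:7:::
"""
# Constructed: users assumed to have a non-empty authorized_keys file.
SAMPLE_KEY_USERS = {"alice", "bob", "carol", "dave"}


def password_state(line, today):
    """Return (user, reasons) for one shadow line; today is days since 1970-01-01."""
    fields = (line.strip().split(":") + [""] * 9)[:9]
    user, pw, lastchg, _min_days, max_days = fields[:5]
    reasons = []
    if pw == "":
        reasons.append("empty password")      # state left by passwd -d
    if lastchg == "0":
        reasons.append("forced change")       # assumed state left by passwd -f
    elif lastchg.isdigit() and max_days.isdigit() and int(lastchg) + int(max_days) < today:
        reasons.append("aged out")            # password older than its max age
    return user, reasons


def key_login_bypasses(shadow_text, key_users, today):
    """Accounts whose password state is flagged but which can still log in by key."""
    report = {}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, reasons = password_state(line, today)
        if reasons and user in key_users:
            report[user] = reasons
    return report


if __name__ == "__main__":
    today = (date(2004, 3, 19) - date(1970, 1, 1)).days
    for user, reasons in sorted(key_login_bypasses(SAMPLE_SHADOW, SAMPLE_KEY_USERS, today).items()):
        print(f"{user}: {', '.join(reasons)} (not checked on public-key login)")
```

On a real host the key-holder set would be built by checking each user's authorized_keys file, and the shadow file read with root privileges.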



