Flags in pam_password_change_required() (auth-pam.c)
Darren Tucker
dtucker at zip.com.au
Mon Mar 29 22:24:07 EST 2004
Frank Mohr wrote:
> I just "stumbled" over the flags settings in
> pam_password_change_required().
> As far as I looked over the OpenSSH code, setting/resetting the 2nd bit
> in those flags from auth-options.c whould only make sense if the flags
> are checked to be 0/1 in the remaining OpenSSH code.
Think: bit 1 = disabled by server config, bit 2 = disabled because
password is expired and not yet changed. Bit 2 gets cleared if the user
successfully changes the password, but if the server config denies it
then the forwarding request will still be denied.
The code that checks those flags looks like:
if (!no_port_forwarding_flag)
[...]
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list