sp_expire is 0 in QNX Neutrino

David Bacon bacon at cs.nyu.edu
Wed Sep 19 11:39:11 EST 2007


QNX Neutrino does not support the shadow
password database properly.  Apart from
misdocumenting /etc/shadow as having 4
fields when in fact it has 5 (including
the "last changed" field), its getspnam()
fills in the sp_expire field of the spwd
structure with 0.  And since by default,
shadow support is enabled and the
configure script turns on HAS_SHADOW_EXPIRE
when it finds that field, the built sshd
ends up refusing all connections on the
grounds of an expired account.

I have dealt with this temporarily by
hacking as follows:

========== cut =========
*** auth-shadow.c.was   Sun Apr 29 02:10:58 2007
--- auth-shadow.c       Wed Sep 19 01:04:18 2007
***************
*** 66,71 ****
--- 66,72 ----

         if (spw->sp_expire == -1) {
                 debug3("account expiration disabled");
+ #ifndef __QNXNTO__
         } else if (daysleft < 0) {
                 logit("Account %.100s has expired", spw->sp_namp);
                 return 1;
***************
*** 75,80 ****
--- 76,82 ----
                     "Your account will expire in %d day%s.\n", daysleft,
                     daysleft == 1 ? "" : "s");
                 buffer_append(&loginmsg, buf, strlen(buf));
+ #endif
         }

         return 0;
========= tuc ==========

Note that this also turns off a login
message warning (daysleft is always
negative in Neutrino).

     dB


More information about the openssh-unix-dev mailing list