sp_expire is 0 in QNX Neutrino
David Bacon
bacon at cs.nyu.edu
Wed Sep 19 11:39:11 EST 2007
QNX Neutrino does not support the shadow
password database properly. Apart from
misdocumenting /etc/shadow as having 4
fields when in fact it has 5 (including
the "last changed" field), its getspnam()
fills in the sp_expire field of the spwd
structure with 0. And since by default,
shadow support is enabled and the
configure script turns on HAS_SHADOW_EXPIRE
when it finds that field, the built sshd
ends up refusing all connections on the
grounds of an expired account.
I have dealt with this temporarily by
hacking as follows:
========== cut =========
*** auth-shadow.c.was Sun Apr 29 02:10:58 2007
--- auth-shadow.c Wed Sep 19 01:04:18 2007
***************
*** 66,71 ****
--- 66,72 ----
if (spw->sp_expire == -1) {
debug3("account expiration disabled");
+ #ifndef __QNXNTO__
} else if (daysleft < 0) {
logit("Account %.100s has expired", spw->sp_namp);
return 1;
***************
*** 75,80 ****
--- 76,82 ----
"Your account will expire in %d day%s.\n", daysleft,
daysleft == 1 ? "" : "s");
buffer_append(&loginmsg, buf, strlen(buf));
+ #endif
}
return 0;
========= tuc ==========
Note that this also turns off a login
message warning (daysleft is always
negative in Neutrino).
dB
More information about the openssh-unix-dev
mailing list