sp_expire is 0 in QNX Neutrino
David Bacon
bacon at cs.nyu.edu
Wed Sep 19 22:55:23 EST 2007
Tim Rice wrote, circa 2007-09-18 22:20 MDT:
> On Tue, 18 Sep 2007, David Bacon wrote:
>
>> QNX Neutrino does not support the shadow
>> password database properly. Apart from
>> misdocumenting /etc/shadow as having 4
>> fields when in fact it has 5 (including
>> the "last changed" field), its getspnam()
>> fills in the sp_expire field of the spwd
>> structure with 0. And since by default,
>> shadow support is enabled and the
>> configure script turns on HAS_SHADOW_EXPIRE
>> when it finds that field, the built sshd
>> ends up refusing all connections on the
>> grounds of an expired account.
>
> What happens if you undef HAS_SHADOW_EXPIRE in config.h?
I would expect that to work, but be harder to
maintain. (Odd that this macro isn't called
HAVE_SHADOW_EXPIRE, by the way, isn't it.)
Presumably a proper solution is to have
configure.ac recognize the existence of
broken shadow password expiry support, and
define a symbol reflecting that. Or at
least to have it beef up the check that
allows HAS_SHADOW_EXPIRE to be defined.
dB
More information about the openssh-unix-dev
mailing list