sp_expire is 0 in QNX Neutrino

David Bacon bacon at cs.nyu.edu
Wed Sep 19 22:55:23 EST 2007

Tim Rice wrote, circa 2007-09-18 22:20 MDT:
> On Tue, 18 Sep 2007, David Bacon wrote:
>> QNX Neutrino does not support the shadow
>> password database properly.  Apart from
>> misdocumenting /etc/shadow as having 4
>> fields when in fact it has 5 (including
>> the "last changed" field), its getspnam()
>> fills in the sp_expire field of the spwd
>> structure with 0.  And since by default,
>> shadow support is enabled and the
>> configure script turns on HAS_SHADOW_EXPIRE
>> when it finds that field, the built sshd
>> ends up refusing all connections on the
>> grounds of an expired account.
> What happens if you undef HAS_SHADOW_EXPIRE in config.h?

I would expect that to work, but be harder to
maintain.  (Odd that this macro isn't called
HAVE_SHADOW_EXPIRE, by the way, isn't it.)

Presumably a proper solution is to have
configure.ac recognize the existence of
broken shadow password expiry support, and
define a symbol reflecting that.  Or at
least to have it beef up the check that
allows HAS_SHADOW_EXPIRE to be defined.


More information about the openssh-unix-dev mailing list