<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>RE: Call for testing for 3.5 OpenSSH</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>For whatever its worth, we're doing the same thing with no problems so far. We turned the auth-pam stuff on and privsep off. We'd love to use privsep, but usable password aging is more important.</FONT></P>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Darren Tucker [<A HREF="mailto:dtucker@zip.com.au">mailto:dtucker@zip.com.au</A>]</FONT>
<BR><FONT SIZE=2>Sent: Thursday, September 26, 2002 2:12 AM</FONT>
<BR><FONT SIZE=2>To: Damien Miller</FONT>
<BR><FONT SIZE=2>Cc: Jeff Koenig; Portable OpenSSH</FONT>
<BR><FONT SIZE=2>Subject: Re: Call for testing for 3.5 OpenSSH</FONT>
</P>
<BR>
<P><FONT SIZE=2>Damien Miller wrote:</FONT>
<BR><FONT SIZE=2>> On Thu, 2002-09-26 at 09:09, Jeff Koenig wrote:</FONT>
<BR><FONT SIZE=2>> > Can someone reply and let me know what the status is</FONT>
<BR><FONT SIZE=2>> > on getting the PAM password expiration on Solaris</FONT>
<BR><FONT SIZE=2>> > issue working on OpenSSH?</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> It won't happen for 3.5p1. Maybe for 3.6p1 if people fix and test it.</FONT>
</P>
<P><FONT SIZE=2>I've been using the existing code in auth-pam.c (minus the "#if 0"</FONT>
<BR><FONT SIZE=2>obviously) on a couple of Solaris 7 systems. It seems to work OK as long</FONT>
<BR><FONT SIZE=2>as you're not using privsep.</FONT>
</P>
<P><FONT SIZE=2>Would it be possible to wrap it inside "if (!use_privsep)" until the</FONT>
<BR><FONT SIZE=2>privsep case is fixed, or is this bad because it encourages people to</FONT>
<BR><FONT SIZE=2>use non-privsep configurations? I can provide the (trivial) patch for</FONT>
<BR><FONT SIZE=2>this if anyone wants it.</FONT>
</P>
<P><FONT SIZE=2>-- </FONT>
<BR><FONT SIZE=2>Darren Tucker (dtucker at zip.com.au)</FONT>
<BR><FONT SIZE=2>GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69</FONT>
<BR><FONT SIZE=2> Good judgement comes with experience. Unfortunately, the experience</FONT>
<BR><FONT SIZE=2>usually comes from bad judgement.</FONT>
<BR><FONT SIZE=2>_______________________________________________</FONT>
<BR><FONT SIZE=2>openssh-unix-dev@mindrot.org mailing list</FONT>
<BR><FONT SIZE=2><A HREF="http://www.mindrot.org/mailman/listinfo/openssh-unix-dev" TARGET="_blank">http://www.mindrot.org/mailman/listinfo/openssh-unix-dev</A></FONT>
</P>
<CODE><FONT SIZE=3><BR>
<BR>
***********************************************************************************<BR>
WARNING: All e-mail sent to and from this address will be received or<BR>
otherwise recorded by the A.G. Edwards corporate e-mail system and is<BR>
subject to archival, monitoring or review by, and/or disclosure to,<BR>
someone other than the recipient.<BR>
************************************************************************************<BR>
</FONT></CODE></BODY>
</HTML>