Trusted HP-UX 10.26
kevin at atomicgears.com
Fri Mar 29 08:25:43 EST 2002
On Tue, 26 Mar 2002, Darren Cole wrote:
:> i don't understand this. why do you need the hashed password here?
:> openssh works today with hp-ux commercial security--why is CMW different?
:> see auth-passwd.c. also, why did you change only auth2.c and not auth1.c?
:I need the password here because I found that sshd would fail otherwise.
:The normal getpwnam does not get the password. Further down (not shown in
:the patch) there is a line: authenticated = m->userauth(authtxt);
:authtxt now has the password information. Without the getprpwnam call,
:authtxt wont get the encrypted password.
you should look at auth_password(); there is already hp-ux code there
doing most of what you need. auth2 should not be changed.
:Hmm... Now that I know a bit more about autoconf, I see how I could make
:HAVE_SCO_PROTECTED_PW be defined on trusted hp-ux. Then I could move this
:functionality to auth-passwd.c. Thanks, I will try that before I post my
:next try at the patch.
:I didn't look at auth1.c because it didn't fail in my testing. (though it
:probably would have if I had tested using ssh1 protocal).
:> :diff -cr openssh-3.1p1.orig/session.c openssh-3.1p1/session.c
:> :*** openssh-3.1p1.orig/session.c Mon Feb 25 15:48:03 2002
:> :--- openssh-3.1p1/session.c Fri Mar 22 22:56:30 2002
:> :*** 1285,1291 ****
:> :--- 1285,1297 ----
:> : #ifdef LOGIN_NEEDS_TERM
:> : (s->term ? s->term : "unknown"),
:> : #endif /* LOGIN_NEEDS_TERM */
:> :+ #ifdef TRUSTED_HPUX
:> :+ // the "--" makes login hang on Trusted HP-UX
:> :+ // 10.26
:> :+ "-p", "-f", pw->pw_name, (char *)NULL);
:> :+ #else
:> : "-p", "-f", "--", pw->pw_name, (char *)NULL);
:> :+ #endif
:> : /* Login couldn't be executed, die. */
:> do you require UseLogin yes?
:Yes. It seems much easier to let login taking care of checking and setting
:all that needs to be done on a CMW, instead of duplicating all of that work
login doesn't use getopt()?
More information about the openssh-unix-dev