password aging question

BRADLEY PENDERGAST BPENDERGAST at corvis.com.au
Tue May 18 10:06:37 EST 2004


Apologies for wasting your time on this. Password aging does work.

I forwarded the date on the box (a crash and burn test box) and password
aging worked properly. I was trying to fudge the /etc/shadow file during
initial testing.

-----Original Message-----
From: Darren Tucker [mailto:dtucker at zip.com.au]
Sent: Monday, 17 May 2004 5:45 PM
To: BRADLEY PENDERGAST
Cc: 'openssh-unix-dev at mindrot.org'
Subject: Re: password aging question


BRADLEY PENDERGAST wrote:
> Version 3.8.1 of OpenSSH has been compiled on a Solaris 8 host. I am having
> difficulties in enabling password aging to work from reading
> /etc/default/passwd and /etc/shadow.

Do you mean 3.8p1 or 3.8.1p1?

> # passwd -f < user-id > works satisfactorily however once a password ages
> through due course from the settings in /etc/default/passwd and /etc/shadow
> the users are not prompted to change passwords and the user is logged out
> immediately.

That sounds a bit like exec'ing /usr/bin/passwd is failing in that case, 
but that's just a guess.

[...]
> Does password aging work with OpenSSH?

It should work in the current version (3.8.1p1), if it doesn't then 
there's a bug somewhere.  I just tried it on my Solaris 8 box with an 
artificially aged password and it worked as expected.

 ># ./configure --prefix=/opt/ssh \
[...]
 >> --with-pgp --with-nologin-allow=/etc/nolgin.allow \

OpenSSH's configure does not have those options.  Are you using a 
vanilla source tree?

Could you please run the server in debug mode and connect with an 
account that has an expired password (eg "/path/to/sshd -ddd -p 2022" 
then connect with "ssh -p 2022 user at yourserver").  Please post the 
output here (also, the corresponding entry from /etc/shadow, minus the 
encrypted password).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement
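
Added example, not part of the original thread: a way to check what aging state a shadow entry is in on a given day, so the state of a test account is known before it is used for an sshd debug run. The function names, status strings and sample entries are constructed; it assumes the shadow(4) field order and the common rule that a password is expired once lastchg + max lies before today.

```shell
#!/bin/sh
# Added example: classify the aging state of one shadow entry.
# Assumed layout: name:hash:lastchg:min:max:warn:inactive:expire:flag
# lastchg is counted in days since 1970-01-01.
# Only lastchg, max and warn are evaluated; inactive and expire are ignored.

# shadow_age_status ENTRY TODAY_DAYS -> prints one status line
shadow_age_status() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '
    NF < 5 { print "malformed"; exit }
    {
        lastchg = $3; max = $5
        warn = ($6 == "" ? 0 : $6 + 0)
        # lastchg of 0 is what a forced change (passwd -f) leaves behind
        if (lastchg == "0") { print "change-forced"; exit }
        # no last-change date or no usable maximum: aging does not apply
        if (lastchg == "" || max == "" || max + 0 < 0) {
            print "aging-disabled"; exit
        }
        left = lastchg + max - today
        if (left < 0)          print "expired " (-left) " day(s) ago"
        else if (left <= warn) print "warning " left " day(s) left"
        else                   print "ok " left " day(s) left"
    }'
}

# Today as days since the epoch (date +%s is common but not POSIX).
today_days() { echo $(( $(date +%s) / 86400 )); }

# Constructed sample entries with the hash replaced by a placeholder.
# Day 12556 is 18 May 2004.
shadow_age_status 'alice:REDACTED:12500:0:30:7:::' 12556   # aged out
shadow_age_status 'bob:REDACTED:0:0:30:7:::' 12556         # forced change
shadow_age_status 'carol:REDACTED:12530:0:30:7:::' 12556   # in warn window
shadow_age_status 'dave:REDACTED:12540::::::' 12556        # no maximum set
```

For a live entry, pass the line with the hash already stripped and `"$(today_days)"` as the second argument.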