Bug 1656

Summary: root password considered expired if SIA is not enabled
Product: Portable OpenSSH Reporter: Thomas Quinot <mindrot.org>
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: NEW ---    
Severity: normal    
Priority: P2    
Version: 5.2p1   
Hardware: Alpha   
OS: Tru64   

Description Thomas Quinot 2009-09-30 18:31:45 AEST 
On a Tru64 5.1A machine where ENHANCED security is not enabled, configure builds in SIA support anyway, and auth-sia does not check whether the security level is BASE or ENHANCED prior to checking password expiration.

So, when logging in as root, the user is prompted for a new password, but in BASE security mode, the password change date is not recorded by passwd(1) (and remains 0), and the next login attempt fails in the same way.