Because of the reported root compromise vunerability we have upgraded our Solaris servers to the latest current version of ssh. It all works fine thanks, except the PAM interface with Solaris. The impact is that users can no longer be notified that their password needs to be changed. Instead they are locked out. I raised this issue with Sun who are responsible for the PAM which appears to be the main offender. Their response is shown below: Sent: Friday, 12 July 2002 17:13 To: dirk.bockmann@customs.gov.au Subject: 10243779 - Openssh Dirk, Previous versions of OpenSSH worked correctly with the Solaris PAM module up until privsep was added by OpenSSH to overcome a security vunerability issue. The privsep architecture which has been designed is not compatible with PAM, and is outside the scope of how PAM is normally used. ie: It breaks the PAM standard. An alternative is to upgrade to Solaris 9 which ships with SunSSH (a product based on OpenSSH which does not have privsep and by default is not vunerable to the security exploit which privsep resolves). Also, for your reference if there is any feature in OpenSSH 3.3 or newer which does not exist in SunSSH you can log a request for enhancement for the new feature to be included in future releases. Let me know if you require any further information/assistance. Regards, Nicholas Any ideas on where we can progress from here please? WE are far from being in a position to upgrade to Solaris 2.9 many of our machines are still on 2.5.1 because that is what the applications require. WOuld appreciate your advice. Thanks, Dirk
*** Bug 359 has been marked as a duplicate of this bug. ***
Hello, we have upgraded OpenSSH on HP-UX (11.00 and 11.11). The impact is the same as Dirk wrote: No chance to work with passwd -f. By the way: we want to work with LDAP in the near future. Will it work on HP-UX and the current OpenSSH? Thanks for answer, Thomas Kube thomas.kube@gmx.net thomas.kube@otto.de
*** This bug has been marked as a duplicate of 188 ***
Mass change of RESOLVED bugs to CLOSED