| Summary: | No last login message with PrivSep under AIX |
|---|---|
| Product: | Portable OpenSSH |
| Reporter: | Heinrich.Mislik |
| Component: | sshd |
| Assignee: | OpenSSH Bugzilla mailing list <openssh-bugs> |
| Status: | CLOSED FIXED |
| Severity: | normal |
| CC: | genty |
| Priority: | P2 |
| Version: | -current |
| Hardware: | PPC |
| OS: | AIX |

Description
Heinrich.Mislik
2002-07-16 20:30:35 AEST
It looks like the call to loginsuccess() fails because it's done as a non-privileged user. This is bad because in addition to generating the message it also clears the failed login counter that leads to account lockout.

The following patch fixes it for me but I'm not sure this is the right approach. I still don't properly understand privsep... Would someone who does please sanity-check this?

Created attachment 140
Move loginsuccess call into auth.c so it works with privsep on

*** Bug 385 has been marked as a duplicate of this bug. ***

Ignore previous patch, it's plain wrong. It clears the counter whether or not the login was successful.

Created attachment 141
Move loginsuccess to auth-passwd.c
Relocated loginsuccess call as per comments in bugid 385.
Removed unused loginmsg variable.

Created attachment 142
Enables tracking of unsuccessful logins on AIX
I've included a patch that adds one line to the end of the previous
auth-passwd.c patch, #141. Before, AIX unsuccessful logins would go unnoticed.
In the enclosed patch, if the AIX authenticate is unsuccessful the loginfailed
subroutine is run, which logs the unsuccessful login to
/etc/security/failedlogin as well as updates the user's attributes in
/etc/security/lastlog.

While that's true of 3.4p1 the loginfailed() bug has been fixed in -current for a while (see bug #145).

Darren's patch applied. Thanks.

Mass change of RESOLVED bugs to CLOSED
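
The counter behaviour discussed in this thread, as an added C model (not the attached patches and not OpenSSH or AIX code): it compares a success call made without privilege, a success call made unconditionally, and a success call made only after a successful authentication. `model_loginsuccess`, `model_loginfailed`, `MAX_FAILS` and the attempt sequences are constructed stand-ins for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_FAILS 3   /* assumed lockout threshold for this model */

struct account { const char *password; int failed; };

/* Stand-ins for the AIX calls: both need privilege to update the records. */
static int model_loginsuccess(struct account *a, bool privileged) {
    if (!privileged) return -1;   /* the failure described in the report */
    a->failed = 0;                /* success clears the failed-login counter */
    return 0;
}
static int model_loginfailed(struct account *a, bool privileged) {
    if (!privileged) return -1;
    a->failed++;
    return 0;
}

enum placement { UNPRIVILEGED_CALL, UNCONDITIONAL_CALL, CALL_ON_RESULT };

/* One password attempt; returns true when the login is allowed. */
static bool attempt(struct account *a, const char *pw, enum placement p) {
    if (a->failed >= MAX_FAILS) return false;        /* account is locked */
    bool ok = strcmp(pw, a->password) == 0;
    if (!ok) model_loginfailed(a, true);             /* failure recorded with privilege */
    if (p == UNPRIVILEGED_CALL && ok) model_loginsuccess(a, false);  /* fails, counter kept */
    if (p == UNCONDITIONAL_CALL) model_loginsuccess(a, true);        /* clears on failure too */
    if (p == CALL_ON_RESULT && ok) model_loginsuccess(a, true);      /* only after success */
    return ok;
}

/* Constructed attempt sequences. */
static const char *const MIXED[] = { "bad", "bad", "correct", "bad" };
static const char *const ALL_BAD[] = { "bad", "bad", "bad", "bad", "bad" };

/* Replay a sequence against a fresh account; returns the final failure count. */
static int replay(enum placement p, const char *const *pws, int n) {
    struct account a = { "correct", 0 };
    for (int i = 0; i < n; i++) attempt(&a, pws[i], p);
    return a.failed;
}

int main(void) {
    printf("unprivileged call:  %d\n", replay(UNPRIVILEGED_CALL, MIXED, 4));
    printf("unconditional call: %d\n", replay(UNCONDITIONAL_CALL, ALL_BAD, 5));
    printf("call on result:     %d\n", replay(CALL_ON_RESULT, MIXED, 4));
    return 0;
}
```

In the model, the unprivileged call leaves a legitimate user locked out despite a successful login in between, while the unconditional call keeps the counter at zero so lockout never triggers.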