When logging into an account where a password change is required, the user is prompted for the password change but is not logged off afterward. The password is changed correctly. The following message apprears in the syslog after the new password is entered for the second time, and then again a few seconds later: auth|security:err|error sshd[23438]: error: getsockname failed: A file descriptor does not refer to an open file. This happens any time root changes the user's password (i.e. the ADMCHG flag is set). I do not know if it happens when the password expires. Environment: AIX 5.3.03 OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005 OpenSSH was downloaded from IBM's Sourceforge "OpenSSH on AIX" project (http://sourceforge.net/projects/openssh-aix) I do not know what compile options were used. sshd_config options and sshd debug output will be attached.
Created attachment 1045 [details] sshd debug output sshd -ddd output for both normal and forced password change sessions
Created attachment 1046 [details] sshd_config
Created attachment 1047 [details] ssh_config
IBM's packages have modifications in them and I don't know exactly what those are. Does the problem occur with 4.2p1 built from the source from http://openssh.com?
(In reply to comment #4) > IBM's packages have modifications in them and I don't know exactly what those > are. > Does the problem occur with 4.2p1 built from the source from > http://openssh.com? I don't know. I had been rolling my own for years, but decided to use IBM's package because I tried two or three times, but was not able to compile 4.1 myself. When I get some time, I'll try again with 4.2. Is IBM's source not available?
(In reply to comment #5) > I don't know. I had been rolling my own for years, but decided to use IBM's > package because I tried two or three times, but was not able to compile 4.1 > myself. When I get some time, I'll try again with 4.2. "The source won't compile" is something we can help with, but "some else's binaries don't work" isn't. I test regularly on AIX with gcc so that usually works, however I no longer have access to any of the IBM native compilers (xlc, vac). I don't have access to a 5.3 box though, so it could be something peculiar to that version. Alternatively, I provide precompiled packages of the vanilla source (the most recent one also being 4.1, I never got around to packaging 4.2) at http://www.zip.com.au/~dtucker/openssh/ . If you trust me (but you shouldn't :-) you could use these on a test box to quickly determine whether or not the problem exists in an unmodified sshd. > Is IBM's source not available? There's source (or diffs, I forget which) for some older versions of the package but not the current ones. I'm reasonably sure that there are some additional changes between the the versions for which source is available.
Tried reproducing with 4.3p2 on AIX 5200-05 (I don't have access to 5.3) with an account flagged ADMCHG and it worked OK. Sorry, but we can't help with third-party binary packages, closing bug. If you can reproduce with vanialla 4.3p2 then please reopen, or if you are still having building 4.3p2 from source please open a new bug for that.
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.