Bug 1774 - wtmp and lastlog on AIX
Summary: wtmp and lastlog on AIX
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Build system (show other bugs)
Version: 5.5p1
Hardware: All AIX
: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-03 22:27 AEST by Matt Richards
Modified: 2011-01-26 03:13 AEDT (History)
2 users (show)

See Also:

Attachments
add conf_wtmp_location and conf_lastlog_location for AIX (551 bytes, patch)
2010-06-03 22:27 AEST, Matt Richards 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Richards 2010-06-03 22:27:18 AEST 
Created attachment 1852 [details]
add conf_wtmp_location and conf_lastlog_location for AIX

Configure doesn't determine the wtmp or the lastlog location on AIX. Modify configure to explicitly add the paths. add conf_wtmp_location and conf_lastlog_location for AIX
Comment 1 Darren Tucker 2011-01-17 20:35:19 AEDT 
Comment on attachment 1852 [details]
add conf_wtmp_location and conf_lastlog_location for AIX

looks reasonable (the change actually has to go into configure.ac) but I'm curious about why you need it: the login records are written through loginsuccess().

Are you building without WITH_AIX_AUTHENTICATE?
Comment 2 Darren Tucker 2011-01-17 21:58:27 AEDT 
Comment on attachment 1852 [details]
add conf_wtmp_location and conf_lastlog_location for AIX

>+         conf_wtmp_location=/var/adm/wtmp
>+         conf_lastlog_location="/etc/security/lastlog"

Actually on further investigation, this looks wrong (/etc/security/lastlog on AIX is a text format, not the binary format sshd would write).

Taking this off the list for 5.7p1 until I understand what problem this is fixing.
Comment 3 Matt Richards 2011-01-25 04:14:33 AEDT 
I do compile with WITH_AIX_AUTHENTICATE as well as  -DCUSTOM_FAILED_LOGIN (I was the author of those many years ago). At one point CUSTOM_FAILED_LOGIN was not needed as it was part of WITH_AIX_AUTHENTICATE, not sure why it was moved into it's own DEFINE as it is needed for AIX to log the appropriate entries. I will have to reinvestigate this one as it has been a long time.
Comment 4 Matt Richards 2011-01-25 05:22:01 AEDT 
After some testing - with/without keys, /var/adm/wtmp, /etc/security/lastlog, login_success, login_failure, restricted_logins all seem to work on AIX for openssh 5.7 without any addition patches needed.

This bug can be closed. Thanks!
Comment 5 Darren Tucker 2011-01-25 11:51:21 AEDT 
Thanks.  One thing to be aware of is that binaries compiled on AIX4 won't log wtmp entries correctly on AIX5 systems, could this have been what you saw?
Comment 6 Matt Richards 2011-01-26 03:13:42 AEDT 
I compile openssh for each OS level, so wtmp should have not been an issue.

 I have been doing this patch and defining CUSTOM_FAILED_LOGIN for years, so whatever the reason was initially does not seem to be the case now as it works just as well without the patch. Perhaps I was shooting myself in the foot by defining CUSTOM_FAILED_LOGIN.

Thanks for looking into this.