723 – Password expire not working properly

Bug 723 - Password expire not working properly

Summary: Password expire not working properly

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	-current
Hardware:	SPARC Solaris

Importance:	P2 major
Assignee:	Darren Tucker

URL:
Keywords:

Depends on:
Blocks:

Reported:	2003-09-30 22:07 AEST by Stefan Sundman
Modified:	2004-04-14 12:24 AEST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Sundman 2003-09-30 22:07:00 AEST

I have compiled openssh-3.7.1p2 with pwexp24 with following options:

./configure --prefix=/usr/local --with-pam --enable-static=yes
--sysconfdir=/usr/local/etc --without-rand-helper --libdir=/usr/lib

I have run some tests on password expire, and cannot get it to function
properly. When I force a user to change his/hers password at next login, they
get in without changing the password. When I telnet to the system it works
properly. Here is a printout of selected commands:

bash-2.05# pkginfo -l OBSDssh
   PKGINST:  OBSDssh
      NAME:  OpenSSH for Solaris
  CATEGORY:  application
      ARCH:  sparc
   VERSION:  3.7.1p2-pwexp24
   BASEDIR:  /
    PSTAMP:  ps15120030924133714
  INSTDATE:  Sep 24 2003 13:38
    STATUS:  completely installed
     FILES:     54 installed pathnames
                10 shared pathnames
                 5 linked files
                18 directories
                12 executables
                 1 setuid/setgid executables
             12505 blocks used (approx)

bash-2.05# uname -r
5.8

bash-2.05# passwd peter
New password: 
Re-enter new password: 
passwd (SYSTEM): passwd successfully changed for peter

bash-2.05# ssh -l peter localhost
peter@localhost's password: 
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Tue Sep 30 13:42:23 2003 from localhost

Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
Test by stebo
Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
Test by stebo
$ Connection to localhost closed.

bash-2.05# passwd -f peter

bash-2.05# ssh -l peter localhost
peter@localhost's password: 
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Tue Sep 30 13:54:06 2003 from localhost

Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
Test by stebo
Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
Test by stebo
$ Connection to localhost closed.

I have no idea why this doesn't work. 
Would be very glad if some masterminded soul could enlighten me ;)

Regards 
Stefan

Comment 1 Darren Tucker 2003-09-30 22:17:01 AEST

Is HAS_SHADOW_EXPIRE undef'ed in config.h?  Try adding "#define 
HAS_SHADOW_EXPIRE 1" to config.h and recompiling.

Since that patch isn't part of OpenSSH itself (although the probable cause is), 
I'm re-assigning to me.

Comment 2 Stefan Sundman 2003-09-30 22:43:25 AEST

Works like a charm, You are the man.....

Comment 3 Damien Miller 2004-04-14 12:24:19 AEST

Mass change of RESOLVED bugs to CLOSED