[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux-security] sshd with a custom shadow /bin/login


 > From: Kevin at Paranoia (http://www.ministry.paranoia.com/~kevintx)
 > Date: Tue, 15 Oct 1996 05:53:04 -0500
 > 
 > Sorry, I haven't been able to reach www.cs.hut.fi all morning to check
 > the
 > ssh mailing list archive there and I'm in a bit of a time crunch to
 > find an
 > answer on this.. hopefully someone else can help me (and quick).
 > 
 > I'm using sshd on a linux 2.0.22 system with a custom /bin/login
 > (based on
 > shadow-960810) which I'd like to have invoked from sshd when a login
 > comes
 > in by ssh. As it is, the sshd code contains its own "login" code that
 > I
 > don't want to have to modify for every change that I've made in my
 > shadow
 > login. Besides my other changes in the shadow /bin/login, sshd doesn't
 > allow for MD5CRYPT passwords. Is there any way to have sshd just
 > invoke
 > /bin/login (with the -f flag if the user is preauthenticated) to
 > perform
 > the login? Is there some reason why it doesn't do this already (or at
 > least offer the option)?
 > 
 > How has anyone else dealt with this? Thank you very much.
 > 
 > kevin
 > 
 > --
 >    http://www.ministry.paranoia.com/~kevintx     (personal priority mail address)
 >    <a href="http://www.paranoia.com/"> got nothing better to do? </a>
 > "The Internet interprets the US Congress as damage and routes around it"

Hi.  This was a long time ago, but...

I was trying to see if there was a version of sshd which respected
shadow passwords's expiration dates.  That is, despite a single user using
an authorized_keys file, I want the user to first be warned to change his
password and then to disable the account if the password wasn't changed in
time.

I know this wasn't exactly your issue, but...  Do you know the answer?

Thanks.


Why do you want this page removed?