--=-QATc+9pX9x6gWTSJWcco Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 2002-07-10 at 15:38, Ethan Benson wrote: > unfortunatly you get to choose exploitable root hole or no properly > working passwd expiration in ssh at this point. (passwds will expire > and ssh will honor that by happily denying access, giving no > opertunity to pick a new password). I am well aware of the security hole. According to:=20 http://www.openssh.com/txt/preauth.adv -- I must have=20 ChallengeResponseAuthentication or PAMAuthenticationViaKbdInt enabled for the hole to be exploited.=20 Are you suggesting I need both of these enabled in order to get password expiry working correctly? -- well, I have already tried this with no success. I would like to see expiry work correctly. I can patch OpenSSH accordingly and still keep 3.1p1. --=20 Matt Miller Systems Administrator MP TotalCare gpg public key id:=20 08BC7B06 --=-QATc+9pX9x6gWTSJWcco Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA9LJOHIomZUAi8ewYRAvIwAKDCMRr8CDuvsjH64yKP8YcQfzyKugCguNVj HYdXImla/jF2f4A+PIj//5g= =E7gd -----END PGP SIGNATURE----- --=-QATc+9pX9x6gWTSJWcco--
