Bug 98330
Summary: | openssh server can not handle expired accounts. | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Nick (Gunnar) Bluth <bluth> | ||||
Component: | openssh | Assignee: | Nalin Dahyabhai <nalin> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 3.0 | CC: | eric-bugs, k.georgiou, raimondi, tao | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | openssh-3.6.1p2-33.30.1 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2004-07-31 10:46:53 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 83585 | ||||||
Bug Blocks: | 100644 | ||||||
Attachments: |
|
Description
Nick (Gunnar) Bluth
2003-07-01 09:01:38 UTC
I've had this exact same problem, and it's highly annoying for my users, some of whom only log in once every few months. Created attachment 94530 [details]
patch to enable pasword expiration/updating with Privilege Separation turned off
This patch allows password expiration/updates to work properly as long as
UsePrivilegeSeparation is set to no is /etc/ssh/sshd_config. For some reason
the code which handles password changes was #if0-ed out in sshd, but it appears
to have no effect on system operation is separation is turned on.
This seems to affect Red Hat Enterprise Linux 3 too. Any chance to see a fix (at least for RHEL)? Any news regarding this? At least a user "&npsb; " has closed our service request.... (#273211) We're really suffering from this, since you have to ask a colleauge to reset your password if it expires (which is no fun at, say, 3 a.m. on a Sunday....) Nick (Gunnar) Bluth Any chances to see a fix soon? It's ridiculous! Our service request (open since Nov. has been closed _again_, but this time, I can't reopen it (!). This request is from Nov 20., 2003, there are patches to fix the problem, and it affects the EL 3 line. With this "feature", RHEL is not really "enterprise ready", so why don't we see any motion in this?!? It would be nice to at least see this bug changing from "NEW" to something more motivating (e.g. "ERRATA" ;-)..... Giuseppe, I hope "contract" is a higher priority...? We really do suffer from this! Nick (Gunnar) Bluth Dresdner Kleinwort Wassestein Dresdner Bank AG Allianz Group I have not seen this problem in SuSE EL 8, perhaps SuSE is ready for the enterprise and Redhat is not? I am currently having this problem in my environment with my RHEL 3 systems and it is rather unacceptable. We are an ssh only shop that sets passwords and then likes to use the force on next login option. (good security measure, but can't be implemented as long as this problem exists.) As I see, this is still "NEW", 'though #83585 says there is a fix "in sight"... that was 2004-03-04, also more than a month ago... Looking at the first entry shows: Opened by Nick (Gunnar) Bluth (bluth) on 2003-07-01 05:01 !!!!!!!!!!!!!!!!! I mean, this is no longer funny, is it? We had to manually un-age 12 developers on 24 boxes. This probably took us more time than applying the patch and releasing an Erratum would have taken at RH.... |