Password expiration

David Magda dmagda+netnews at ee.ryerson.ca
Sat Mar 8 10:09:59 EST 2003


jfh at cise.ufl.edu ("James F.Hranicky") writes:
[...]
> sshd currently is having problems with password expiry due to the
> new privsep code, at least as far as I can tell from the openssh
> list.  Right now, in readpassphrase(), the function does a
[...]

The privsep code can be turned off. This of course increases risks to
remote exploits but it is a possible temporary solution with the
OpenSSH crew work things out.

Which version of OpenSSH are you using? Supposedly 3.5 fixes some
issues with Kerberos (I don't know specifics).

-- 
David Magda <dmagda at ee.ryerson.ca>
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well 
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI


More information about the Kerberos mailing list