[9436] in bugtraq
Re: SSH 1.x and 2.x Daemon
daemon@ATHENA.MIT.EDU (Tibor Toronyi)
Tue Feb 9 16:39:33 1999
Date: Mon, 8 Feb 1999 12:08:28 -0500
Reply-To: Tibor Toronyi <tibor@BLACK-OPS.UWINDSOR.CA>
From: Tibor Toronyi <tibor@BLACK-OPS.UWINDSOR.CA>
To: BUGTRAQ@NETSPACE.ORG
----- KuRuPTioN wrote -----
> I have been brainstorming with a few people and I have found a solution to
> the problem I was experiencing. This solution works in both SSH 1.2.26 (not
> 1.2.27, as I was delusional that day) and SSH 2.0.11.
>
> In SSH 1.2.26 adding the -DHAVE_STRUCT_SPWD_EXPIRE to the Makefile in the
> top of the SSH tree with fix the problem.
As a side note (after checking into this problem), I noticed that the
server code ONLY checks for "*LK*" in the password field to see if the
person is disabled. Not sure of other places but we've had to modify the
code a bit so that instead of
if ((strncmp(passwd,"*LK*", 4) == 0)
I'd recommend
if ((strchr (passwd, '*') != (char *) NULL)
--------------------------------------------------------------------------
Tibor Toronyi voice: (519) 253-4232 ext. 2753
Information Technology Services fax: (519) 973-7083
University of Windsor email: tibor@uwindsor.ca
Windsor, Ontario, Canada /* Live long and prosper. */
N9B 3P4 /* Mr. Spock */
PGP Public Key: finger tibor@black-ops.uwindsor.ca
http://black-ops.uwindsor.ca/pgp
