Network Security Secure-Shell

RE: SCO OpenServer 5.0.5 authenticates locked accounts

Subject: RE: SCO OpenServer 5.0.5 authenticates locked accounts
Date: Thu, 20 Apr 2006 12:40:41 -0400
This older version of SCO doesn't support PAM.

However, I was able to finally get this working. Basically the issue was
that the configure.ac file had defined DISABLE_SHADOW, but we are indeed
using shadow passwords. I caught this early on but if I removed this
definition I could never get ssh to compile due to errors in xcrypt.c.

Finally, I added the following two lines to the top of auth.c, leaving
the DISABLE_SHADOW definition in place in configure.ac.

#define USE_SHADOW
#define LOCKED_PASSWD_PREFIX "*LK*"

Locked accounts are now receiving permission denied, which is
expected.

-----Original Message-----
From: Venkatachalam, Saravanakumar [mailto:saravan@ti.com] 
Sent: Wednesday, April 19, 2006 12:58 AM
To: Powell, Scott
Cc: secureshell@securityfocus.com
Subject: Re: SCO OpenServer 5.0.5 authenticates locked accounts

Scott,

How about using PAM ? I'm not sure if SCO OpenServer 5.0.5 has PAM
support.

regards,
saravan
Powell, Scott wrote:
I have noticed that SSH compiled for SCO OpenServer 5.0.5 is
authenticating locked accounts. I have tried re-compiling the latest
portable version, 4.3p2, as well as some older versions. I also tried a
Skunkware version supplied by SCO. All of these are authenticating
locked accounts. I even messed around in configure.ac and added
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") to the *-*-sco3.2v5* definitions
(locked accounts have a *LK* in the shadow file as a prefix to the
encrypted password hash).

Does anyone have any recommendations or workarounds?

Thanks,
Scott
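
Added illustration, not code from the thread or from OpenSSH: the original message says the lock marker sits in front of the hash in the shadow file, so an exact comparison against "*LK*" and a prefix comparison give different answers for such an entry. The shadow line layout, function names and sample entries below are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Marker from the thread: a locked account has "*LK*" before its hash. */
#define LOCKED_MARKER "*LK*"

/* Copy the second colon-separated field (the password hash) of a
 * shadow-style line into out. Returns 0 on success, -1 if the line has
 * no colon or the field does not fit. */
int shadow_hash_field(const char *line, char *out, size_t outlen)
{
    const char *start = strchr(line, ':');
    if (start == NULL)
        return -1;
    start++;
    size_t len = strcspn(start, ":\n");
    if (len >= outlen)
        return -1;
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

/* Exact test: true only when the field is the marker and nothing else. */
int locked_exact(const char *hash)
{
    return strcmp(hash, LOCKED_MARKER) == 0;
}

/* Prefix test: true when the field begins with the marker. */
int locked_prefix(const char *hash)
{
    return strncmp(hash, LOCKED_MARKER, strlen(LOCKED_MARKER)) == 0;
}

int main(void)
{
    /* Constructed sample entries; the hashes are placeholders. */
    const char *lines[] = {
        "alice:*LK*abXYZ0123456789:13258::::::",
        "bob:abXYZ0123456789:13258::::::",
        "carol:*LK*:13258::::::",
    };
    char hash[128];
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        if (shadow_hash_field(lines[i], hash, sizeof hash) != 0)
            continue;
        printf("%-6.*s exact=%d prefix=%d\n", (int)strcspn(lines[i], ":"),
               lines[i], locked_exact(hash), locked_prefix(hash));
    }
    return 0;
}
```

Only the prefix test flags the first entry, where the marker is followed by a hash.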

  


