From owner-freebsd-security Thu Aug 12 0: 8:46 1999 Delivered-To: freebsd-security@freebsd.org Received: from tasam.com (tasam.com [206.161.83.22]) by hub.freebsd.org (Postfix) with ESMTP id 309A414E69 for ; Thu, 12 Aug 1999 00:08:43 -0700 (PDT) (envelope-from clash@tasam.com) Received: from bug (209-122-199-84.s338.tnt4.lnh.md.dialup.rcn.com [209.122.199.84]) by tasam.com (8.9.3/8.9.1) with SMTP id DAA00218 for ; Thu, 12 Aug 1999 03:08:50 -0400 (EDT) Message-ID: <007701bee491$7c14a070$0286860a@tasam.com> From: "Joe Gleason" To: Subject: making sshd2 check user expiration dates Date: Thu, 12 Aug 1999 03:08:25 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'm not sure if security is the right list, but this has to do with allowing or denying access to a system based on expiration date, which I consider relevant to security. Does anyone know how to make sshd2 check user expiration dates? I did a quick test, and telnet, pop3, ftpd and sshd1 all do NOT allow a user with an expired account to login. sshd2 however does. By expired I mean field 7 in master.passwd file having a number that is between 0 and the current time in seconds exclusive. I am running FreeBSD 3.2-stable (a few days old) I installed ssh via installing /usr/ports/security/ssh and then /usr/ports/security/ssh2 (that way I have all the ssh1 stuff for compatibility). I haven't touched the config's much, if at all. I looked through the man page and config files real quick and didn't see anything about user expiration dates. It is 3am, so I could have easily missed something. Anyone with any ideas of experience with this, any help would be appreicated. I would really prefer not to have to hack something odd togather to support expiration dates. Joe Gleason Tasam To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message