Date: Thu, 12 Aug 1999 03:59:30 -0700 (PDT)
From: Bigby Findrake
To: Joe Gleason
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: making sshd2 check user expiration dates

On Thu, 12 Aug 1999, Joe Gleason wrote:

> I'm not sure if security is the right list, but this has to do with allowing
> or denying access to a system based on expiration date, which I consider
> relevant to security.
>
> Does anyone know how to make sshd2 check user expiration dates?
>
> I did a quick test, and telnet, pop3, ftpd and sshd1 all do NOT allow a user
> with an expired account to login.
> sshd2 however does.
>
> By expired I mean field 7 in master.passwd file having a number that is
> between 0 and the current time in seconds exclusive.
>
> I am running FreeBSD 3.2-stable (a few days old)
>
> I installed ssh via installing /usr/ports/security/ssh and then
> /usr/ports/security/ssh2 (that way I have all the ssh1 stuff for
> compatibility). I haven't touched the configs much, if at all. I looked
> through the man page and config files real quick and didn't see anything
> about user expiration dates. It is 3am, so I could have easily missed
> something. Anyone with any ideas or experience with this, any help would be
> appreciated. I would really prefer not to have to hack something odd
> together to support expiration dates.

This is a shot in the dark but I would suggest playing with the "UseLogin"
parameter in the /etc/sshd_config file.

/-------------------------------------------------------------------------/
Experience is something you don't get until just after you need it.

finger bigby@shiva.eu.org for my pgpkey
e-mail bigby@pager.shiva.eu.org to page me
/-------------------------------------------------------------------------/
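
The expiry rule quoted above (field 7 of master.passwd strictly between 0 and the current time), as an added example that is not part of the original message: a POSIX sh function that lists the accounts matching it, so the list can be compared against the logins each daemon still accepts. The function names, the sample records and the fixed timestamp are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample records in master.passwd layout (10 colon-separated fields):
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
sample_master_passwd() {
    cat <<'EOF'
# constructed sample data, not from a real system
root:*:0:0::0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*:1002:1002::0:933000000:Bob:/home/bob:/bin/sh
carol:*:1003:1003::0:940000000:Carol:/home/carol:/bin/sh
dave:*:1004:1004::0:1:Dave:/home/dave:/bin/sh
eve:*:1005:1005::0:soon:Eve:/home/eve:/bin/sh
EOF
}

# Read master.passwd-format records on stdin and print the login names whose
# expire field is strictly between 0 and NOW (seconds since the epoch).
# Usage: expired_accounts [NOW] < file      (NOW defaults to the current time)
expired_accounts() {
    now=${1:-$(date +%s)}
    awk -F: -v now="$now" '
        /^#/ || NF == 0 { next }              # comments and blank lines
        NF != 10 || $7 !~ /^[0-9]*$/ {        # wrong field count or non-numeric expire
            printf "record %d (%s): malformed, skipped\n", NR, $1 | "cat 1>&2"
            next
        }
        $7 + 0 > 0 && $7 + 0 < now + 0 { print $1 }   # 0 or empty means no expiry
    '
}

# Demo with a fixed, constructed "now" so the output is reproducible.
sample_master_passwd | expired_accounts 934455570
```

On a FreeBSD host, run it as root with `expired_accounts < /etc/master.passwd`, then check that none of the listed names can still authenticate through sshd2.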