diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2006-08-30 14:33:09 +0200 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2006-08-30 14:33:09 +0200 |
| commit | 26d4e19caa3013f57dc3c1462847eceaac6a1d7d (patch) | |
| tree | 0ef89a92e02a33a1681ebdf4e667f86bb6e15059 /auth.c | |
| parent | - (djm) [openbsd-compat/xcrypt.c] needs unistd.h (diff) | |
| download | openssh-26d4e19caa3013f57dc3c1462847eceaac6a1d7d.tar.xz openssh-26d4e19caa3013f57dc3c1462847eceaac6a1d7d.zip | |
- (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
loginsuccess on AIX immediately after authentication to clear the failed
login count. Previously this would only happen when an interactive
session starts (ie when a pty is allocated) but this means that accounts
that have primarily non-interactive sessions (eg scp's) may gradually
accumulate enough failures to lock out an account. This change may have
a side effect of creating two audit records, one with a tty of "ssh"
corresponding to the authentication and one with the allocated pty per
interactive session.
Diffstat (limited to 'auth.c')
| -rw-r--r-- | auth.c | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -279,6 +279,11 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) strcmp(method, "challenge-response") == 0)) record_failed_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh"); +# ifdef WITH_AIXAUTHENTICATE + if (authenticated) + sys_auth_record_login(authctxt->user, + get_canonical_hostname(options.use_dns), "ssh", &loginmsg); +# endif #endif #ifdef SSH_AUDIT_EVENTS if (authenticated == 0 && !authctxt->postponed) |