Hi Bob,

HP does a great job in porting OpenSSH to HP-UX. It is available as "HP-UX
Secure Shell" for free (http://software.hp.com). I would recommend you using
this package.
You can download it here:
http://h20293.www2.hp.com/portal/swd...Number=T1471AA

There are a lot of other OpenSource tools portet by HP these days. No need to go
thru the pain of compiling these yourself. Look out for the "HP-UX Internet
Express" collection.
http://h20293.www2.hp.com/portal/swd...r=HPUXIEXP1111


-Markus-


Quoting Bob Jones :

> Hello all. For various reasons, we use a version of openssh (currently
> v 4.2) that is built on a system running HP-UX 11iv1 that has not been
> converted to TCB, but we wish to run it on a system that has been
> converted to TCB. We have noticed that when run this way sshd is not
> updating the last login (u_suclog) field in the TCB and that it doesn't
> honor administrative locks on accounts (lets you log in anyway).
>
> We can get around this by using pam (UsePAM=yes) but this is not the way
> we would prefer to get around this problem.
>
> I've done a number of searches trying to find solutions to this issue,
> and the only one I have really come across is to use pam.
>
> So, here are some questions that hopefully some of you can help us out
> on with answers.
>
> 1. If you compile Openssh on a HP-UX 11iv1 system that has been
> converted to use TCB, does Openssh properly update things like last
> login in the TCB and honor locks set in the TCB?
>
> 2. Is there a compile time and/or config option we can set to force
> Openssh to honor the TCB on a system that has not been converted?
>
> 3. Is it possible to compile openssh in such a way so that the single
> sshd binary will honor both TCB and non-TCB systems?
>
> Thanks for your help!
>
> --
> Bob Jones
> bob.jones@usg.edu
> OIIT, The Board of Regents
> The University System of Georgia
>