1This file contains notes about OpenSSH on specific platforms. 2 3AIX 4--- 5As of OpenSSH 3.8p1, sshd will now honour an accounts password expiry 6settings, where previously it did not. Because of this, it's possible for 7sites that have used OpenSSH's sshd exclusively to have accounts which 8have passwords expired longer than the inactive time (ie the "Weeks between 9password EXPIRATION and LOCKOUT" setting in SMIT or the maxexpired 10chuser attribute). 11 12Accounts in this state must have their passwords reset manually by the 13administrator. As a precaution, it is recommended that the administrative 14passwords be reset before upgrading from OpenSSH <3.8. 15 16As of OpenSSH 4.0, configure will attempt to detect if your version 17and maintenance level of AIX has a working getaddrinfo, and will use it 18if found. This will enable IPv6 support. If for some reason configure 19gets it wrong, or if you want to build binaries to work on earlier MLs 20than the build host then you can add "-DBROKEN_GETADDRINFO" to CFLAGS 21to force the previous IPv4-only behaviour. 22 23IPv6 known to work: 5.1ML7 5.2ML2 5.2ML5 24IPv6 known broken: 4.3.3ML11 5.1ML4 25 26Cygwin 27------ 28To build on Cygwin, OpenSSH requires the following packages: 29gcc, gcc-mingw-core, mingw-runtime, binutils, make, openssl, 30openssl-devel, zlib, minres, minires-devel. 31 32 33Darwin and MacOS X 34------------------ 35Darwin does not provide a tun(4) driver required for OpenSSH-based 36virtual private networks. The BSD manpage still exists, but the driver 37has been removed in recent releases of Darwin and MacOS X. 38 39Nevertheless, tunnel support is known to work with Darwin 8 and 40MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode 41using a third party driver. More information is available at: 42 http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ 43 44 45Solaris 46------- 47If you enable BSM auditing on Solaris, you need to update audit_event(4) 48for praudit(1m) to give sensible output. The following line needs to be 49added to /etc/security/audit_event: 50 51 32800:AUE_openssh:OpenSSH login:lo 52 53The BSM audit event range available for third party TCB applications is 5432768 - 65535. Event number 32800 has been choosen for AUE_openssh. 55There is no official registry of 3rd party event numbers, so if this 56number is already in use on your system, you may change it at build time 57by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding. 58 59 60Platforms using PAM 61------------------- 62As of OpenSSH 4.3p1, sshd will no longer check /etc/nologin itself when 63PAM is enabled. To maintain existing behaviour, pam_nologin should be 64added to sshd's session stack which will prevent users from starting shell 65sessions. Alternatively, pam_nologin can be added to either the auth or 66account stacks which will prevent authentication entirely, but will still 67return the output from pam_nologin to the client. 68 69 70$Id: README.platform,v 1.7 2006/06/23 11:05:13 dtucker Exp $ 71