changeset 3984:10d407109a7a

6506671 sshd should not fail on permissions check with pubkey auth if homedir is not available 6541995 honour Host directives when processing ConnectTimeout option
author jp161948
date Fri, 06 Apr 2007 11:58:25 -0700
parents 5179f49636a5
children b4f7d0163d40
files usr/src/cmd/ssh/libssh/common/readconf.c usr/src/cmd/ssh/sshd/auth.c
diffstat 2 files changed, 15 insertions(+), 9 deletions(-) [+]
--- a/usr/src/cmd/ssh/libssh/common/readconf.c	Fri Apr 06 11:23:51 2007 -0700
+++ b/usr/src/cmd/ssh/libssh/common/readconf.c	Fri Apr 06 11:58:25 2007 -0700
@@ -330,7 +330,7 @@
 		if ((value = convtime(arg)) == -1)
 			fatal("%s line %d: invalid time value.",
 			    filename, linenum);
-		if (*intptr == -1)
+		if (*activep && *intptr == -1)
 			*intptr = value;
 		break;
 
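Review bot: The new `*activep` guard on the ConnectTimeout assignment deserves a one-line comment, because two conditions now decide whether a parsed value lands: the current Host block must be active and the option must still hold its -1 sentinel, so the first value in a matching block wins and later or non-matching ones are parsed, validated and discarded. Suggest `/* first value in an active Host block wins; later or inactive ones are validated but ignored */` above the `if`. Note that `convtime()` is still called before the guard, so a malformed value inside a non-matching Host section remains a `fatal()` — presumably consistent with the other options in this switch, which are outside the hunk. The enclosing case and function start and end outside the hunk.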
--- a/usr/src/cmd/ssh/sshd/auth.c	Fri Apr 06 11:23:51 2007 -0700
+++ b/usr/src/cmd/ssh/sshd/auth.c	Fri Apr 06 11:58:25 2007 -0700
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -477,6 +477,7 @@
 	uid_t uid;
 	char buf[MAXPATHLEN], homedir[MAXPATHLEN];
 	char *cp;
+	int comparehome = 0;
 	struct stat st;
 
 	if (pw == NULL)
@@ -489,11 +490,16 @@
 		    strerror(errno));
 		return -1;
 	}
-	if (realpath(pw->pw_dir, homedir) == NULL) {
-		snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir,
-		    strerror(errno));
-		return -1;
-	}
+
+	/*
+	 * A user is not required to have all the files that are subject to
+	 * the strict mode checking in his/her home directory. If the
+	 * directory is not present at the moment, which might be the case if
+	 * the directory is not mounted until the user is authenticated, do
+	 * not perform the home directory check below.
+	 */
+	if (realpath(pw->pw_dir, homedir) != NULL)
+		comparehome = 1;
 
 	/* check the open file to avoid races */
 	if (fstat(fileno(f), &st) < 0 ||
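Review bot: The new `realpath()` branch swallows every failure, not only an absent home directory: EACCES, ELOOP, ENAMETOOLONG or a `pw_dir` that resolves to a non-directory now silently drop the home-directory termination instead of returning -1 as the removed lines did. The comment only justifies the not-yet-mounted case, so the skip should be limited to `ENOENT` (arguably `ENOTDIR` as well) with the remaining errnos keeping the old error path, and a debug line when skipping helps explain why the walk later reaches `/`. The comment is also slightly misleading: what is skipped is the early termination at the home directory, so the ancestor walk below continues to the filesystem root and every directory on the way is checked — stricter, not weaker — and it is worth saying so. `errno` must be read before any other call, which the `snprintf` in the old code already did and the version below preserves. The function (apparently `secure_filename`, per the debug3 string further down) starts before this hunk and its directory loop follows it.
```c
	if (realpath(pw->pw_dir, homedir) != NULL) {
		comparehome = 1;
	} else if (errno != ENOENT) {
		/* Anything but a missing directory is still an error. */
		snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir,
		    strerror(errno));
		return -1;
	} else {
		/* Not mounted yet: the ancestor walk below runs up to "/". */
		debug3("secure_filename: %s not present, checking up to /",
		    pw->pw_dir);
	}
```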
@@ -521,8 +527,8 @@
 			return -1;
 		}
 
-		/* If are passed the homedir then we can stop */
-		if (strcmp(homedir, buf) == 0) {
+		/* If we passed the homedir then we can stop. */
+		if (comparehome && strcmp(homedir, buf) == 0) {
 			debug3("secure_filename: terminating check at '%s'",
 			    buf);
 			break;
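Review bot: `homedir` is only populated when `comparehome` is set, so the short-circuit in `comparehome && strcmp(homedir, buf) == 0` is the only thing keeping `strcmp` off an uninitialised `MAXPATHLEN` buffer; that dependency should be stated next to the test rather than left implicit. Suggest replacing the one-line comment with `/* Stop once we pass the homedir. If it was unavailable (comparehome == 0), homedir is unset and the walk continues up to "/". */`, wrapped in the file's style. The loop this `break` belongs to starts and ends outside the hunk, so the claim that the walk continues to "/" is inferred from the surrounding code and worth confirming against the loop's own exit condition.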