Re: Solaris password requirements not enforced
From: Srinivas Gopaladasu (srinivas_gopaladasu_at_net.com)
Date: Thu, 29 Jul 2004 12:27:01 -0700
To: firstname.lastname@example.org
I changed the "UseLogin" to yes but it did not help.
With some investigation and debugging, I was able to figure this out.
The problem was that Solaris does not enforce any restrictions if "passwd" or
"pam_chauthtok" is called as a root user.
I changed the real user id of the process to the userId of login, before
calling "pam_chauthtok" function and it worked.
My only problem, which I think can probably be easily fixed, is that any
messages from Solaris are not displayed.
For example, it shows as below:
ssh blade-dcl1 -l guest
Re-enter new Password:
Could not chdir to home directory /home/guest: No such file or directory
Your password will expire in 1 day.
No directory! Logging in with home=/
Last login: Thu Jul 29 12:09:08 from nemo2
Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
[WS 6.1 and Orbix 2000 Patch cluster installed Fri Jul 25 13:44:12 PDT 2003]
Any idea why the messages from Solaris are suppressed?
John Monko wrote:
> In the "sshd_config" file (usually in /usr/local/etc for the
> Freeware version), set the option "UseLogin" to "yes".
> Srinivas Gopaladasu wrote:
>> The Solaris password requirements like
>> a. no empty password
>> b. minimum 6 chars
>> etc. for a regular user are not enforced when a password-expired user
>> is changing password at the SSH login prompt.
>> The version of openSSH I am using is 3.8.1 and Solaris 8 is where the
>> sshd is running.
>> Is anybody aware of this problem?
>> Is there some configuration option I can use to enforce these
>> password requirements?
>> If it's a bug, is there a patch already?
>> I appreciate any help on this.