Expired Password, not invoking password change.

Robert.Becker_at_motoristsgroup.com
Date: 11/28/05

  • Next message: Jeff Blaine: "Re: OpenSSH 4.2p1 and PAM - a problem"
    To: secureshell@securityfocus.com
    Date: Mon, 28 Nov 2005 09:25:54 -0500
    
    

    It looks like I've run into a problem. I can't be sure if this is a
    software bug or a designed feature with OpenSSH. I am currently running
    OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005.

    We have an OpenLDAP backend for user authentication and everything is
    working.

    The problem is this.. I need to require my users to change their password
    on initial login to the system.

    I have attempted to use passwd with the -e flag and that fails saying:

    >-root-> passwd -e testuser
    Authentication failure.
    LDAP information update failed: Operations error
    Error while changing password expiry information.

    Now, if I use the chage function with the -M flag it seems to work.

    >-root-> chage -M 0 -D "cn=administrator,dc=motogroup,dc=com" testuser
    Enter LDAP Password:
    Aging information changed.

    When I attempt to login I get this:

    login as: testuser
    Using keyboard-interactive authentication.
    Password:
    You are required to change your LDAP password immediately.

    Last login: Mon Nov 28 09:03:49 2005 from rbecker.motogroup.com

    >-linuxadm03:intel(/dev/pts/0):/home/testuser
    >-testuser->

    It never forces me to change my password. Nothing in the logs say there
    are any problems, files not found or errors. Does anyone have any idea why
    OpenSSH isn't calling the passwd application when the users password is
    expired?

    Thanks for your help.

    Rob Becker

    **********************************************************************
    The information contained in this message is confidential and is
    intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Motorists Insurance Group will not be liable for direct, special, indirect or consequential damages arising from the alteration of the contents of this message by a third party or as a result of any virus being passed on.

    **********************************************************************


  • Next message: Jeff Blaine: "Re: OpenSSH 4.2p1 and PAM - a problem"

    Relevant Pages