Re: Will SSH ever support password aging?

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 07/30/04

  • Next message: Darren Tucker: "Re: SCP error status broken on SuSE 9.1?" 
    Date: Fri, 30 Jul 2004 03:46:56 +0000 (UTC)

    In article <358db3cc.0407290525.56013994@posting.google.com>,
    Tonij <tonij67@hotmail.com> wrote:
    >It seems like this has been a problem forever; with telnet turned off
    >and SSH as the only means of authenticating to my Solaris systems I
    >cannot use password aging because the user is never prompted to change
    >their password. Same thing with using passwd -df to force a change on
    >first login.
    >
    >Will SSH *ever* support this? Currently using OpenSSH_3.8p1
    >Are there any known work arounds for this?

    When you read the OpenSSH 3.8 release notes, which part was unclear?
    In http://www.openssh.com/txt/release-3.8, the first entry under
    "Changes since 3.7.1p2" is:

    * sshd(8) now supports forced changes of expired passwords via
      /usr/bin/passwd or keyboard-interactive authentication.

    It turned out that 3.8p1 had a bug (#808) for expired passwords and PAM
    in some cases, this was fixed in 3.8.1p1.

    If you use 3.8.1p1 and it doesn't work then please report it as a bug
    at http://bugzilla.mindrot.org. 

    -- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
  • Next message: Darren Tucker: "Re: SCP error status broken on SuSE 9.1?"