Re: Will SSH ever support password aging?

From: Tonij (tonij67_at_hotmail.com)
Date: 08/02/04

    Date: 2 Aug 2004 08:04:58 -0700
    
    

    dtucker@dodgy.net.au (Darren Tucker) wrote in message news:<cecgbg$49q$1@gate.dodgy.net.au>...
    > In article <358db3cc.0407290525.56013994@posting.google.com>,
    > Tonij <tonij67@hotmail.com> wrote:
    > >It seems like this has been a problem forever; with telnet turned off
    > >and SSH as the only means of authenticating to my Solaris systems I
    > >cannot use password aging because the user is never prompted to change
    > >their password. Same thing with using passwd -df to force a change on
    > >first login.
    > >
    > >Will SSH *ever* support this? Currently using OpenSSH_3.8p1
    > >Are there any known work arounds for this?
    >
    > When you read the OpenSSH 3.8 release notes, which part was unclear?
    > In http://www.openssh.com/txt/release-3.8, the first entry under
    > "Changes since 3.7.1p2" is:
    >
    > * sshd(8) now supports forced changes of expired passwords via
    > /usr/bin/passwd or keyboard-interactive authentication.
    >
    > It turned out that 3.8p1 had a bug (#808) for expired passwords and PAM
    > in some cases, this was fixed in 3.8.1p1.
    >
    > If you use 3.8.1p1 and it doesn't work then please report it as a bug
    > at http://bugzilla.mindrot.org.

    So far I have two different answers:

    "There is an ssh pam module. This should allow you to force password
    changes if stacked with another module that checks for the password age."

    and

    > * sshd(8) now supports forced changes of expired passwords via
    > /usr/bin/passwd or keyboard-interactive authentication.

    Since it does not appear to be working out of the box as claimed in
    this post and the 3.8 release notes, I am inclined to believe it has
    something to do with this pam module.

    The release notes do not mention PAM so I guess I am back to square
    one.

