Expired password, openssh not invoking password change.

robbecker_at_gmail.com
Date: 11/28/05

    Date: 28 Nov 2005 09:55:52 -0800

    It looks like I've run into a problem. I can't be sure if this is a
    software bug or a designed feature with OpenSSH. I am currently running
    OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005.

    We have an OpenLDAP backend for user authentication and everything is
    working.

    The problem is this: I need to require my users to change their
    password on initial login to the system.

    I have attempted to use passwd with the -e flag and that fails saying:

    >-root-> passwd -e testuser
    Authentication failure.
    LDAP information update failed: Operations error
    Error while changing password expiry information.

    Now, if I use the chage function with the -M flag it seems to work.

    >-root-> chage -M 0 -D "cn=administrator,dc=motogroup,dc=com" testuser
    Enter LDAP Password:
    Aging information changed.

    When I attempt to log in I get this:

    login as: testuser
    Using keyboard-interactive authentication.
    Password:
    You are required to change your LDAP password immediately.

    Last login: Mon Nov 28 09:03:49 2005 from rbecker.motogroup.com

    >-linuxadm03:intel(/dev/pts/0):/home/testuser
    >-testuser->

    It never forces me to change my password. Nothing in the logs says
    there are any problems, files not found or errors. Does anyone have any
    idea why OpenSSH isn't calling the passwd application when the user's
    password is expired?

    Thanks for your help.

    Rob Becker

