[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: telnet vs. sshd pam.d files



On Sun, 10 Sep 2000, Paul Nicholas Faure wrote:

> On Sun, 10 Sep 2000, Ethan Benson wrote:
> 
> > On Sun, Sep 10, 2000 at 03:57:37PM -0400, Paul Nicholas Faure wrote:
> > > > telnet just spawns /bin/login so it uses /etc/pam.d/login
> > > > 
> > > > ssh is just broken in regards to handling expiration correctly
> > > > (OpenSSH 1.2.3 will just deny access when a password is expired, when
> > > > it should force the user to change it)
> > > > 
> > > > annoying.  (i don't know how to fix it unforunatly)
> > > 
> > > I have openssh-2.1.1p4-1, and it allows access if the pssword expired, but
> > > give a nice little warning "Your password has expired, please change it.".
> > 
> > hmm that must be fixed in openssh 2 (notice above i mention openssh
> > 1.2.3) 
> 
> Just upgraded to the latest and greatest (openssh-2.2.0p1-2), and the
> error is still there...
> 
> > > Does regular SSH have this same problem ?
> > 
> > you mean ssh-nonfree?  i have no idea i have not used that since
> > openssh came along.
> 
> Yea, ssh-nonfree. I could use it, because it is now free to Universities.
> 
> > does openssh2 force the user to change the password or just nag them?
> > it really needs to force the issue like login does to be effective.  
> 
> OpenSSH2 nags the users. No force.
It will force the user it you set the password expiry AND password
inactive date with chage, if you don't, then it won't force you.

> 
> 

----------------
Running on Linux 2.4
Michael A. Dietz
mad099@dietznet.net





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []