[Bug 1065] password expiration and SSH keys don't go well together
bugzilla-daemon at mindrot.org
Thu Aug 4 00:40:13 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=1065
Summary: password expiration and SSH keys don't go well together
Product: Portable OpenSSH
Version: 4.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: bitbucket at mindrot.org
ReportedBy: joss at debian.org
We are running a setup using pam_ldap, and password expiration. When a password
is expired, PAM forces the user to change it. However, here is what happens when
using an SSH key to log in without a password:
16:33 jmouette at silicium ~ > ssh tantale
You are required to change your LDAP password immediately.
Last login: Wed Aug 3 15:49:24 2005 from silicium.ccc.cea.fr
Connection to tantale closed.
When disabling the key, things work as expected:
16:38 jmouette at silicium ~ > ssh -o PubkeyAuthentication=no tantale
Password:
You are required to change your LDAP password immediately.
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information changed for jmouette
Last login: Wed Aug 3 16:33:27 2005 from silicium.ccc.cea.fr
[ successful login ]