[Bug 1065] password expiration and SSH keys don't go well together

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Aug 4 00:40:13 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1065

           Summary: password expiration and SSH keys don't go well together
           Product: Portable OpenSSH
           Version: 4.1p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: PAM support
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: joss at debian.org


We are running a setup using pam_ldap, and password expiration. When a password
is expired, PAM forces the user to change it. However, here is what happens when
using an SSH key to log in without a password:

16:33 jmouette at silicium ~ > ssh tantale
You are required to change your LDAP password immediately.
Last login: Wed Aug  3 15:49:24 2005 from silicium.ccc.cea.fr
Connection to tantale closed.

When disabling the key, things work as expected:
16:38 jmouette at silicium ~ > ssh -o PubkeyAuthentication=no tantale
Password:
You are required to change your LDAP password immediately.
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information changed for jmouette
Last login: Wed Aug  3 16:33:27 2005 from silicium.ccc.cea.fr
[ successful login ]


