[Bug 1065] password expiration and SSH keys don't go well together

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Aug 4 17:09:50 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1065





------- Additional Comments From joss at debian.org  2005-08-04 17:09 -------
Here is the PAM configuration (using RHEL 3.0, except for the pam_ldap module,
version 178, and the sshd daemon, version 4.1p1).

auth        required      /lib/security/$ISA/pam_env.so
auth [success=1 default=ignore] /lib/security/$ISA/pam_unix.so nullok_secure
auth        required      /usr/local/lib64/ldap/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_permit.so

account     sufficient    /usr/local/lib64/ldap/pam_ldap.so
account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /usr/local/lib64/ldap/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow

session     required      /lib/security/$ISA/pam_limits.so
#session     sufficient    /usr/local/lib64/ldap/pam_ldap.so use_authtok
session     required      /lib/security/$ISA/pam_unix.so

Commenting out the session pam_ldap stanza or uncommenting it doesn't change the
behavior.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list