[Bug 2796] sshd should allow clients to explicitly request the password change

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Oct 20 00:47:59 AEDT 2017


--- Comment #5 from Tomas Mraz <t8m at centrum.cz> ---
The only mechanism that could be fairly reliable but convoluted and not
completely universal would be to have some special PAM module - let's
call it pam_ssh_authtok. The admin would be required to add the module
as the first one into the password PAM stack. This module would get the
new password from the sshd either via the conversation function or via
some other out of band mechanism. Then it would set the PAM_AUTHTOK
(and maybe also PAM_OLDAUTHTOK). Following PAM modules in the stack
would then do the actual password change.

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list