grace logins on solaris

Damien Miller djm at mindrot.org
Sat May 27 10:09:04 EST 2000


On Fri, 26 May 2000, Chip Christian wrote:

> May 26 12:39:38 piglet.princetonecom.com sshd[8029]: PAM_NDS : Password 
> expired.
> PAM rejected by account configuration: Get new authentication token
> Faking authloop for illegal user chip from 192.168.12.2 port 901
> 
> pam_acct_mgmt is returning PAM_NEW_AUTHTOK_REQD.  Is there BSD
> licensed code out there already to deal with asking users to change
> an expired password?

In the absence of this, would allowing access (and displaying a 
suitable warning) when PAM returns PAM_NEW_AUTHTOK_REQD be acceptable?

At least the users could change their passwords themselves.

-d

-- 
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)








More information about the openssh-unix-dev mailing list