grace logins on solaris
Chip Christian
chip at princetonecom.com
Wed May 31 00:25:15 EST 2000
That's a step in the right direction, sure. I'll test, but I assume when
grace logins are exhausted, pam_acct_mgmt returns something else.
Can this string (found from a -d invocation) also be displayed in this case?
debug: Adding PAM message: \
Your password has expired and you have 4 grace login(s).
At some point I might find the free time to craft up the code for the
other case...
> On Fri, 26 May 2000, Chip Christian wrote:
>
> > May 26 12:39:38 piglet.princetonecom.com sshd[8029]: PAM_NDS : Password
> > expired.
> > PAM rejected by account configuration: Get new authentication token
> > Faking authloop for illegal user chip from 192.168.12.2 port 901
> >
> > pam_acct_mgmt is returning PAM_NEW_AUTHTOK_REQD. Is there BSD
> > licensed code out there already to deal with asking users to change
> > an expired password?
>
> In the absence of this, would allowing access (and displaying a
> suitable warning) when PAM returns PAM_NEW_AUTHTOK_REQD be acceptable?
>
> At least the users could change their passwords themselves.
>
> -d
>
> --
> | "Bombay is 250ms from New York in the new world order" - Alan Cox
> | Damien Miller - http://www.mindrot.org/
> | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
>
>
>
>
>
More information about the openssh-unix-dev
mailing list