Expired passwords & PAM

[Kevin Steves]

On Wed, 11 Oct 2000, Peter Astrand wrote:
: Currently, OpenSSH prints the message:
: 
: "Warning: You password has expired, please change it now"
: 
: if the password has expired. It would be nice if the user could/had to 
: change password before continuing, like with Linux console login. I've
: tried to make an patch, but it doesn't work. Ideas?

Can you try the latest snapshot?  There was a patch that went in
post-2.2.0p1 to add support for this.

btw, what messages do other PAM implementations add when a password
expires?  Below is HP-UX 11.0 (with an unreleased libpam patch to get it
working).  As you see PAM adds "Your password has expired.", which makes
the message ssh adds somewhat redundant.  What about "Please change your
password now." for NEW_AUTHTOK_MSG?

[stevesk at jenny stevesk]$ ssh -p24 robinson
Last   successful login for stevesk: Sat Oct 14 14:11:52 MET-1METDST 2000 on pts
/4 
Last unsuccessful login for stevesk: Sat Oct 14 13:15:33 MET-1METDST 2000 on pts
/ta 
Your password has expired. 
Warning: Your password has expired, please change it now
Changing password for stevesk
Old password: 
Last successful password change for stevesk: NEVER 
Last unsuccessful password change for stevesk: Sat Oct 14 13:14:34 2000

Do you want (choose one letter only): 
        pronounceable passwords generated for you (g) 
        a string of letters generated (l) ?
        to pick your passwords (p) ?

Enter choice here: p
New password: 
Re-enter new password: 
Passwd successfully changed
Last login: Sat Oct 14 14:11:52 2000 from jenny.foo