Problems with aged passwords (Red Hat 7.x, OpenSSH 2.9.x-3.0. 2p1)
Bluth, Gunnar
Gunnar.Bluth at drkw.com
Thu Dec 20 04:30:55 EST 2001
Ooops, I missed that one, sorry.
I'll see if it helps.
Thx.
Nick
Nick (Gunnar) Bluth
Linux Systems Administrator
Dresdner Kleinwort Wasserstein
Dresdner Bank AG
Global Business Services <mailto: gunnar.bluth at DrKW.com>
IT Operational Integrity Voice: +49 69 263 57913 (97000 -
57913)
Jürgen-Ponto-Platz 1 Fax: +49 69 263 16994 (97000 -
16994)
D-60301 Frankfurt am Main Mobile: +49 172 8853339
Linux Admin Team: <mailto: DrKWlinux at DrKW.com>
Linux Support Team: <mailto:DrKWfftlinuxsupport at DrKW.com>
> -----Original Message-----
> From: Nalin Dahyabhai [SMTP:nalin at redhat.com]
> Sent: 19 December 2001 18:01
> To: Gunnar.Bluth at drkw.com
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: Problems with aged passwords (Red Hat 7.x, OpenSSH
> 2.9.x-3.0.2p1)
>
> On Wed, Dec 19, 2001 at 05:46:26PM +0100, Gunnar.Bluth at drkw.com wrote:
> > We're experiencing weird problems here:
> >
> > The Solaris guys have user-packages, so we had to do this too for the
> Linux
> > boxes (7.0, 7.1).
> > Since some of the accounts get "easy" passwords set at install time,
> they are
> > expired at once:
> > /usr/bin/chage -m 7 -M 84 -W 14 <user>
> >
> > Now, at login, the user is prompted:
> >
> > You are required to change your password immediately (root enforced)
> > Warning: Your password has expired, please change it now
> > Changing password for <user>
> > (current) UNIX password:xxxxxxxx
> > New UNIX password:xxxxxxx (and yes, it definitly is a good one
> ;-) )
> > BAD PASSWORD: is too simple
> > New UNIX password:
> > and so on...
>
> This is a pam_cracklib bug. Because 7.0 and 7.1 sound like version
> numbers of RHL, I'll point you at the update for RHL 7.1 at
> http://www.redhat.com/support/errata/RHBA-2001-149.html. The updates
> for 7.1 should work without difficulties on 7.0.
>
> Cheers,
>
> Nalin
If you have received this e-mail in error or wish to read our e-mail disclaimer statement and monitoring policy, please refer to
http://www.drkw.com/disc/email/ or contact the sender.
More information about the openssh-unix-dev
mailing list