Expired password handling in openssh-2.5.1p1/2

Kevin Taylor ktaylor at eosdata.gsfc.nasa.gov
Wed Mar 28 07:53:36 EST 2001

OpenSSH already does this by checking the expiration fields in the shadow
file....however if it finds that the password is expired, it just closes
the connection with a Permission Denied...rather than forcing the user to
change their password.

Kevin Steves mentioned that he had once looked at the code for
implementing this, but hadn't finished it.

On Tue, 27 Mar 2001, Darren Moffat wrote:

> >> there is only support thru PAM right now.  i had started a
> >> multi-platform password interface last year, and while it was close to
> >> the point of being integrated, i have been side-tracked with stuff that
> >> was more interesting to work on.  adding just code to run passwd if the
> >> password has expired isn't hard, and maybe we should do that.
> >
> >
> >Has any of this ended up in the current openssh portable code?
> Forgive me if I'm repeating something since I missed the beginning of this
> thread.
> Without using PAM how do you intend to find out that the password has
> actually expired ?  Without reinventing what pam_acct_mgmt() does ?
> --
> Darren J Moffat

More information about the openssh-unix-dev mailing list