password aging problem with ssh protocol 2

Scott Burch scott.burch at camberwind.com
Thu Aug 29 05:21:32 EST 2002


Amulya,

This will only work on Solaris 8 with the version of OpenSSH you are 
running. Password aging will only work on Solaris 2.6 with current 
snapshots if you are not using privilege separation. If you are using 
privilege separation on the current release or snapshots I don't believe 
password aging works with any version of Solaris. Someone can correct me 
if I'm wrong. The main problem is that PAM on Linux and other open 
source operating systems has diverged substantially from PAM on Solaris 
(where it originated)...most PAM operations on Solaris need to run as 
root ...there was some discussion about this some time ago. I don't know 
if anyone is currently working on code to resolve these issues.

-Scott

Amulya Parthasarathy wrote:

>Hi,
>I'm using openssh3.1p1 and I'm having some problem with password aging
>with ssh protocol 2. Every time a password expires and I try to login I
>get the following message 
>
>ssh username at hostname
>username at hostname's password: 
>Warning: Your password has expired, please change it now
>Enter login password: 
>removing root credentials would break the rpc services that
>use secure rpc on this host!
>root may use keylogout -f to do this (at your own risk)!
>Connection to hostname closed by remote host.
>Connection to hostname closed.
>
>But when ssh into the same server using ssh -1 username at hostname it
>works just fine.
>ssh -1 username at hostname
>username at hostname's password: 
>Warning: Your password has expired, please change it now
>Enter login password: 
>New password: 
>Re-enter new password: 
>sshd (SYSTEM): passwd successfully changed for username
>Last login: Wed Aug 28 11:27:17 2002 from 10.11.42.65
>
>Can anybody help me how to get this working for protocol 2.
>
>Thanks
>R/Amulya
>
>_______________________________________________
>openssh-unix-dev at mindrot.org mailing list
>http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>  
>






More information about the openssh-unix-dev mailing list