Openssh 2.9.x + Pam_Linux

Steven S stevensl at corp.earthlink.net
Wed Feb 6 03:03:05 EST 2002


I noticed a bit of odd behavior with openssh + pam_linux a while back.
I do not know if anyone else has seen this since there are a few hoops
that have to be jumped through.

Background:
	RedHat 6.2 (heavily customized) running on intel box.
	Running pam-0.72-20.6.x + Openssh-2.9.9p2-1 (both redhat)

Problem:
	Set a user account to expire as of yesterday (via shadow entry)
	Set the users account to allow login after it expires.
	On login user is prompted that the password has expired and
	to please change it.
	Password field echo's the entered password across!

for example it looks like this

(me at mybox) $ ssh me at anotherbox
me at anotherbox's password:
Your password has expired; please change it!
Warning: Your password has expired, please change it now
Changing password for me
(current) UNIX password: test.1234
New UNIX password: test.1234
Password unchanged
Connection to anotherbox closed by remote host.
Connection to anotherbox closed.

	TCP dumps show its indeed coming across the session encrypted but
something is spitting out plaintext. The Linux-Pam list suggested I
mention it here to see if anyone else has seen it. The /etc/pam.d/sshd
entry is identical to other login methods but do not exhibit this
behavour.

Any thoughts?






More information about the openssh-unix-dev mailing list