Expired PAM accounts
Ben Lindstrom
mouring at etoh.eviladmin.org
Mon Jun 24 16:15:28 EST 2002
On Mon, 24 Jun 2002, Stephan Mueller wrote:
> Hi there,
>
> is there any reason why the code for supporting expired PAM accounts in
> auth-pam.c:do_pam_account is commented out?
>
> Ie. it is not possible to log in to an expired account. When you enable this,
> the login procedure asks for a new password - all of this seems to work fine.
>
> This was enabled in version 3.1 or so, but now?
>
There are conflicts in the way PAM works and how PrivSep works. It's on
the list of things to fix.
- Ben
More information about the openssh-unix-dev
mailing list