[Bug 188] New: pam_chauthtok() is called too late
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Mar 27 09:24:43 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=188
Summary: pam_chauthtok() is called too late
Product: Portable OpenSSH
Version: 3.1p1
Platform: Other
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: Nicolas.Williams at ubsw.com
When pam_acct_mgmt() returns PAM_NEW_AUTHTOK_REQD pam_chauthtok()
must be the next PAM function called. That is, pam_chauthtok() MUST
be called before pam_open_session() and before
pam_setcred(PAM_ESTABLISH_CRED).
The point is: if the user's password is expired then the login process cannot
proceed too far before password changing is attempted.
This bug applies, or should apply, to any implementation of PAM. Thus I selected
"All" for the OS to which this bug applies.
Cheers,
Nico
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list