SSH Bug 3.5p1 Expired Passwords
Ben Lindstrom
mouring at etoh.eviladmin.org
Sat Oct 19 02:42:22 EST 2002
For it to work correctly with protocol 2 we should be using
REQ_PASS_CHANGE or something like that (not at a place I can look at the
RFC).
I looked at it and became utterly confused as to how it works on the server
side. The client side code is in place.
- Ben
On Fri, 18 Oct 2002, Jeff Koenig wrote:
> This method ONLY works for me if I am forcing the use of SSH protocol 1.
>
> It does NOT work for SSH protocol 2.
>
> For protocol 2, I get the following:
> login as: jdoe
> jdoe at pop's password:
> Warning: Your password has expired, please change it now.
> Enter login password:
>
> I enter the login password again and then I get "Connection closed by remote host".
>
> Any suggestions to get this working with protocol 2?
>
> Jeff
>
> >>> Darren Tucker <dtucker at zip.com.au> 10/16/02 09:08AM >>>
> Frank Beckmann wrote:
> > in the new OpenSSH 3.5p1 is the same bug as in the 3.4p1 :-(
> > When a user tries to log in with an expired password, SSH denies the access to the system
>
> In pam-auth.c, change
>
> #if 0
> case PAM_NEW_AUTHTOK_REQD:
>
> to
>
> #if 1
> case PAM_NEW_AUTHTOK_REQD:
>
> and set "UsePrivilegeSeparation no" in sshd_config.
>
> People have reported mixed success, so your mileage may vary.
>
> Let the list know how it goes; one of the reasons this isn't enabled in
> 3.5p1 is lack of testing.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
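The SSH protocol 2 password-change exchange this thread is about, as an added example that is not part of the original messages and not OpenSSH's own code. It follows the SSH authentication protocol as published in RFC 4252, section 8: the server sends SSH_MSG_USERAUTH_PASSWD_CHANGEREQ (60) and the client answers with a "password" request whose boolean is TRUE, carrying the old and new passwords. Function names, buffer sizes and sample strings are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_USERAUTH_REQUEST          50
#define SSH_MSG_USERAUTH_PASSWD_CHANGEREQ 60

/* Append an SSH "string" (uint32 big-endian length, then the bytes).
 * Returns the new offset, or 0 if off is already an error or buf is too small. */
static size_t put_string(uint8_t *buf, size_t cap, size_t off, const char *s)
{
    size_t n = strlen(s);
    if (off == 0 || off > cap || cap - off < 4 || cap - off - 4 < n) return 0;
    buf[off] = (uint8_t)(n >> 24);     buf[off + 1] = (uint8_t)(n >> 16);
    buf[off + 2] = (uint8_t)(n >> 8);  buf[off + 3] = (uint8_t)n;
    memcpy(buf + off + 4, s, n);
    return off + 4 + n;
}

/* Server -> client: the password has expired, prompt for a new one. */
size_t build_changereq(uint8_t *buf, size_t cap, const char *prompt, const char *lang)
{
    if (cap < 1) return 0;
    buf[0] = SSH_MSG_USERAUTH_PASSWD_CHANGEREQ;
    return put_string(buf, cap, put_string(buf, cap, 1, prompt), lang);
}

/* Client -> server: "password" method again, boolean TRUE, old then new password. */
size_t build_change_reply(uint8_t *buf, size_t cap, const char *user,
                          const char *oldpw, const char *newpw)
{
    if (cap < 1) return 0;
    buf[0] = SSH_MSG_USERAUTH_REQUEST;
    size_t off = put_string(buf, cap, 1, user);
    off = put_string(buf, cap, off, "ssh-connection");
    off = put_string(buf, cap, off, "password");
    if (off == 0 || off >= cap) return 0;
    buf[off++] = 1; /* TRUE marks a password change; FALSE is a plain login */
    return put_string(buf, cap, put_string(buf, cap, off, oldpw), newpw);
}

int main(void)
{
    uint8_t pkt[256]; /* all sample values below are constructed */
    size_t n = build_changereq(pkt, sizeof pkt, "Your password has expired.", "en");
    printf("CHANGEREQ: type %d, %zu bytes\n", pkt[0], n);
    n = build_change_reply(pkt, sizeof pkt, "jdoe", "old-constructed", "new-constructed");
    printf("reply:     type %d, %zu bytes\n", pkt[0], n);
}
```

Both builders return 0 rather than writing past the buffer, so a caller can treat 0 as "do not send".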