PAM account failure, funny ssh error

Darren Tucker dtucker at zip.com.au
Fri Feb 28 12:17:50 EST 2003


Damien Miller wrote:
> Darren Tucker wrote:
> > I've seen similar errors caused by accounts with expired passwords, that
> > might be worth checking.
> 
> I think that this was related to:
> 
>     - markus at cvs.openbsd.org 2003/02/06 21:22:43
>       [auth1.c auth2.c]
>       undo broken fix for #387, fixes #486

Doesn't appear to be, I get the same failure with -current right now
(Solaris 8, --with-pam).

Someone reported this problem while testing the password expiry
patches.  I reproduced it (different monitor request #, but otherwise
the same) but didn't bother following it up because the PAM stuff was
shortly to be replaced.  Is it going to survive long enough to warrant
tracking this down?

		-Daz.

debug1: PAM Password authentication accepted for user "testuser"
debug3: mm_answer_authpassword: sending result 1
debug3: mm_request_send entering: type 11
debug2: pam_acct_mgmt() = 17
PAM rejected by account configuration[17]: User account has expired
Failed password for testuser from 127.0.0.1 port 34410 ssh2
debug3: mm_request_receive entering
debug3: mm_auth_password: user authenticated
Accepted password for testuser from 127.0.0.1 port 34410 ssh2
debug3: mm_send_keystate: Sending new keys: 114df0 11bec8
debug3: mm_newkeys_to_blob: converting 114df0
debug3: mm_newkeys_to_blob: converting 11bec8
debug3: mm_send_keystate: New keys have been sent
debug3: mm_send_keystate: Sending compression state
debug3: mm_request_send entering: type 24
debug3: mm_send_keystate: Finished sending state
debug3: monitor_read: checking request 24
monitor_read: unsupported request: 24
debug1: Calling cleanup 0x3df58(0x0)

-- 
Darren Tucker (dtucker at zip.com.au)
GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list