password aging

Douglas K. Fischer fischerdk at purefm.net
Fri Nov 14 04:48:22 EST 2003


3.7.1p2 with PrivSep and PAM. Users no longer receive notice in the 7 days 
prior to password expiration, and once their password expires, they are 
unable to log in. As soon as they enter their password the SSH connection is
terminated with the following in /var/log/secure:

Oct 28 14:50:47 dumbledore sshd[1677]: fatal: Password expired (unable to change with privsep)

I haven't bothered to investigate this further yet, not high enough in my 
priority queue.

FWIW,

Doug

At 08:11 AM 11/13/2003, Dan Yefimov wrote:
>On Wed, 12 Nov 2003, Ryan Robertson wrote:
>
> > I've compiled 3.7.1p2 on AIX 5.1 w/pam compiled in,
> > but not enabled in the sshd_config. Also applied
> > Darren's 3.7.1p2 patch25. I am having issues w/password
> > aging when maxage is set to anything >0. I don't
> > believe this function was ever working (at least not
> > in 3.5p1).
> > Can anyone verify this?
> >
>Please describe your problem in detail. What issues exactly are you
>experiencing? The thing is that I have problems with password aging in stock
>openssh 3.7.1p2 with pam support both compiled in and enabled. When a user whose
>password has expired tries to log in the connection is being closed immediately
>after he enters his password. System logs contain messages as follows.
>
>Nov  5 18:48:51 pokemon sshd(pam_unix)[25216]: password - (old) token not obtained
>Nov  5 18:48:51 pokemon sshd[25216]: fatal: PAM: pam_chauthtok(): Authentication token manipulation error
>--
>
>     Sincerely Your, Dan.
>
>_______________________________________________
>openssh-unix-dev mailing list
>openssh-unix-dev at mindrot.org
>http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>------------------------------------------------------------
>
>This email, and any included attachments, have been checked
>by Norton AntiVirus Corporate Edition (Version 8.0), AVG
>Email Server Edition 7.0, and Merak Email Server Integrated
>Antivirus (Alwil Software's aVast! engine) and is certified
>Virus Free.


More information about the openssh-unix-dev mailing list