password aging
Darren Tucker
dtucker at zip.com.au
Fri Nov 14 07:47:34 EST 2003
Dan Yefimov wrote:
[snip]
> Unfortunately changing expired password doesn't work with privilege separation
> enabled. Despite for 'UsePAM no' setting PAM is still used because of
> challenge-response authentication enabled. Even more, without PAM support
> compiled in sshd doesn't support password aging mechanism. So the only way to
> make password aging work (of course, if you still want it) is disabling
> privilege separation. If you choose to not use password aging in sshd you should
> disable challenge-response authentication.
You could also try one of the password expiry patches here:
http://www.zip.com.au/~dtucker/openssh/
Coincidentally, I posted a small patch yesterday that does PAM password
aging via SSH2 keyboard-interactive.
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106871866607969
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list