User unable to log into Solaris when password has been expired by root

Darren Tucker dtucker at
Thu Oct 2 22:22:18 EST 2003

"Manton, Doug" wrote:
> I have a question.
> Our process for creating a new user account on our Solaris systems is to
> force expire (passwd -f) the user's password so they have to choose their own
> when they log in.  However, since building OpenSSH 3.7.1p2 I find that new
> users are unable to log in with the following syslog messages:
>   Oct  2 12:37:42 hostname sshd[1754]: User tester password has expired (root forced)
>   Oct  2 12:37:42 hostname sshd[1754]: Failed none for illegal user tester from port 33595 ssh2
>   Oct  2 12:37:45 hostname sshd[1754]: Failed password for illegal user tester from port 33595 ssh2
> What is the rationale behind this behaviour?  It's not like I have locked
> the account -- how can I ensure my new users get access?  Can I simply
> modify the test in auth.c or is there a 'proper' way to achieve the desired
> behaviour?

Strictly speaking, it's because sshd supports password expiry (ie it knows
that the password is expired), but doesn't (yet) support forcing changes
of expired passwords.  Supporting that has been a work-in-progress for,
oh, about a year now :-)

It should be fixed soon.  Really.  I mean it this time.  Until then, you
can apply the password expiry patch here:

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list
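
Added example, not part of the original message or of OpenSSH: a small log triage script that separates "illegal user" failures caused by a root-forced password expiry from failures with no expiry message, by correlating lines from the same sshd PID. The sample log is constructed from the lines quoted above; the addresses, the user `ghost`, and the names `classify` and `NO_EXPIRY` are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the syslog lines quoted in the message.
# Addresses are documentation placeholders; user "ghost" is made up.
SAMPLE_LOG = """\
Oct  2 12:37:42 hostname sshd[1754]: User tester password has expired (root forced)
Oct  2 12:37:42 hostname sshd[1754]: Failed none for illegal user tester from 192.0.2.10 port 33595 ssh2
Oct  2 12:37:45 hostname sshd[1754]: Failed password for illegal user tester from 192.0.2.10 port 33595 ssh2
Oct  2 12:40:01 hostname sshd[1760]: Failed password for illegal user ghost from 192.0.2.44 port 40112 ssh2
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
EXPIRED = re.compile(r"User (?P<user>\S+) password has expired \((?P<why>[^)]+)\)")
FAILED = re.compile(r"Failed \S+ for illegal user (?P<user>\S+)\s")
NO_EXPIRY = "no expiry message in this session"


def classify(log_text):
    """Map each user to {"reason", "failures"}.

    A "Failed ... for illegal user" line is attributed to password expiry
    only when the same sshd process (same PID) logged an expiry message
    for that user first. PIDs can be reused, so feed one log window at a time.
    """
    expired = {}   # (pid, user) -> reason text taken from the expiry line
    report = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        hit = EXPIRED.match(msg)
        if hit:
            reason = "password expired (%s)" % hit["why"]
            expired[(pid, hit["user"])] = reason
            report.setdefault(hit["user"], {"reason": reason, "failures": 0})["reason"] = reason
            continue
        hit = FAILED.match(msg)
        if hit:
            user = hit["user"]
            reason = expired.get((pid, user), NO_EXPIRY)
            report.setdefault(user, {"reason": reason, "failures": 0})["failures"] += 1
    return report


if __name__ == "__main__":
    for user, info in classify(SAMPLE_LOG).items():
        print(f"{user}: {info['failures']} failed attempt(s), {info['reason']}")
```

Users reported with a "password expired" reason are existing accounts rejected by the expiry check, not unknown names, despite the "illegal user" wording in the log.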