[PATCH]: Call pam_chauthtok from keyboard-interactive.

Darren Tucker dtucker at zip.com.au
Tue Oct 14 13:02:06 EST 2003

Darren J Moffat wrote:
> On Mon, 13 Oct 2003, Darren Tucker wrote:
> > Hi All.
> >       This patch calls pam_chauthtok() to change an expired password via PAM
> > during keyboard-interactive authentication (SSHv2 only).  It is tested on
> > Redhat 8 and Solaris 8.
> Which release of Solaris 8 and what additional patches do you have installed ?

2/02 with the recommended patch cluster from 5 Aug 2003.

> What does your pam.conf file look like ?  If it has pam_unix.so entries then
> it is an older Solaris 8 if it has entries that look like pam_unix_auth.so
> and pam_authtokstore.so then it is a newer Solaris 8.

$ grep other /etc/pam.conf
other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_auth.so.1
other   account requisite               pam_roles.so.1
other   account required                pam_projects.so.1
other   account required                pam_unix_account.so.1
other   session required                pam_unix_session.so.1
other   password required               pam_dhkeys.so.1
other   password requisite              pam_authtok_get.so.1
other   password requisite              pam_authtok_check.so.1
other   password required               pam_authtok_store.so.1

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list