--with-pam and expired passwords

Darren Tucker dtucker at zip.com.au
Sat Jan 10 11:45:12 EST 2004

Mordechai T. Abzug wrote:

> On Sat, Jan 10, 2004 at 11:19:34AM +1100, Darren Tucker wrote:
>>What version are you using?  The keyboard-interactive code in OpenSSH 
>>-current should work (I just tested it and it seems to work).  The 
>>non-keyboard-interactive methods (ie chauthtok-in-session and 
>>passwd-in-session methods) can't easily reset the forwarding flags 
>>because they're in a different process.
> I'm using 3.7.1p2 with publickey,password,hostbased.

Well, in -current (and thus the next major release), resetting the 
forwarding flags will work with keyboard-interactive.  There's no easy 
way (well, actually there is, but there's no easy *secure* way) to reset 
the forwarding flags for anything non-kbdint authentications.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list