password aging question
Darren Tucker
dtucker at zip.com.au
Mon May 17 17:44:58 EST 2004
BRADLEY PENDERGAST wrote:
> Vesion 3.8.1 of OpenSSH has been compiled on a Solaris 8 host. I am having
> difficulties in enabling password aging to work from reading
> /etc/default/passwd and /etc/shadow.
Do you mean 3.8p1 or 3.8.1p1?
> # passwd -f < user-id > works satisfactorily however once a password ages
> through due course from the settings in /etc/default/passwd and /etc/shadow
> the users are not prompted to change passwords and the user is logged out
> immediatetly.
That sounds a bit like exec'ing /usr/bin/passwd is failing in that case,
but that's just a guess.
[...]
> Does password aging work with OpenSSH?
It should work in the current version (3.8.1p1), if it doesn't then
there's a bug somewhere. I just tried it on my Solaris 8 box with an
artificially aged password and it worked as expected.
># ./configure --prefix=/opt/ssh \
[...]
>> --with-pgp --with-nologin-allow=/etc/nolgin.allow \
OpenSSH's configure does not have those options. Are you using a
vanilla source tree?
Could you please run the server in debug mode and connect with an
account that has an expired password (eg "/path/to/sshd -ddd -p 2022"
then connect with "ssh -p 2022 user at yourserver"). Please post the
output here (also, the corresponding entry from /etc/shadow, minus the
encrypted password).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list