OpenSSH and Solaris 9/Native LDAP

Darren Tucker dtucker at
Thu Sep 9 23:15:32 EST 2004

Covington, Jimmy D. (NGIT) wrote:
> I am trying to get the latest version of openssh to work on a Solaris 9
> native ldap client. We have a feature in ldap called "User must change
> password after reset" enabled. According to the openssh docs, it says that
> it will work with the "other" accounts listed in the /etc/pam.conf.

Actually it will use argv[0] (usually "sshd") if it's present, otherwise 
it will use "other".

> We have
> tried a lot of different entries in the /etc/pam.conf. Does anyone have any
> ideas on how to get this to work?

Did you enable PAM at build time and in sshd_config (i.e. "UsePAM yes")? 
If PAM reports the account's password is expired then sshd should force 
a change.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
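
Added example, not part of the original message or of OpenSSH: a shell check of which /etc/pam.conf entries would serve sshd for each module type, plus a check that sshd_config enables PAM. It assumes the per-module-type fallback to "other" described in pam.conf(4); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: per pam.conf(4), a service with no entry for a
# module type falls back to the "other" entries of that type.
# On Solaris 9 use nawk in place of awk (the old awk lacks -v).

# Constructed sample: service module_type control_flag module_path
sample_pam_conf() {
cat <<'EOF'
# constructed sample, not a recommended configuration
sshd   auth     required pam_unix_auth.so.1
sshd   account  required pam_unix_account.so.1
other  auth     required pam_unix_auth.so.1
other  account  required pam_unix_account.so.1
other  password required pam_authtok_store.so.1
EOF
}

# pam_service_for SERVICE TYPE < pam.conf
# Prints SERVICE if it has an entry of TYPE, else "other", else "none".
pam_service_for() {
    awk -v svc="$1" -v type="$2" '
        /^[ \t]*#/ || NF < 4 { next }
        $2 != type { next }
        $1 == svc { own = 1 }
        $1 == "other" { other = 1 }
        END { print (own ? svc : (other ? "other" : "none")) }'
}

# pam_stack_for SERVICE TYPE < pam.conf
# Prints "control_flag module_path" for each entry that would be consulted.
pam_stack_for() {
    conf=$(cat)
    use=$(printf '%s\n' "$conf" | pam_service_for "$1" "$2")
    printf '%s\n' "$conf" | awk -v svc="$use" -v type="$2" '
        /^[ \t]*#/ || NF < 4 { next }
        $1 == svc && $2 == type { print $3, $4 }'
}

# use_pam_enabled < sshd_config: succeeds only if the first UsePAM line says yes
use_pam_enabled() {
    awk 'tolower($1) == "usepam" { v = $2; exit }
         END { exit (v == "yes" ? 0 : 1) }'
}

# Demo on the constructed sample: which service name serves sshd per type
for t in auth account password session; do
    printf '%-9s -> %s\n' "$t" "$(sample_pam_conf | pam_service_for sshd "$t")"
done
```

In the sample, the password stack used for a forced change comes from "other" because sshd has no password entries of its own.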

More information about the openssh-unix-dev mailing list