PAM and passwd age warnings again.
Darren Tucker
dtucker at zip.com.au
Fri Feb 17 07:31:38 EST 2006
On Thu, Feb 16, 2006 at 08:51:33AM -0500, Thomas Gardner wrote:
> source, installed it, and turned on PAM (for passwd aging),
Password aging should also work without PAM (assuming your custom
system uses a standard /etc/shadow arrangement).
> I couldn't
> get the passwd expiration warnings as specified in /etc/shadow to work
> at all (the message that is supposed to warn you as you're logging in
> that your passwd will expire in XYZ days). The patch below seemed to
> fix it. It looks like PAM was figgerin' it out, but the message was
> getting blocked again (although this time it was being blocked for a
> different reason than the last time I proposed a fix for this).
This was fixed in 4.3p1 and 4.3p2 (you should use the latter as the
former has some issues with login recording).
The ChangeLog entry is:
- (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep
child during PAM account check without clearing it. This restores the
post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
with help from several others.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list