Only one chance to enter a new password?

Richard Dickens Richard.Dickens at reuters.com
Thu Jan 19 23:24:19 EST 2006


Hello there,

We are using OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004 on various
Solaris boxes with PAM and an LDAP server back end.

Recently we have added a requirement for users to have complex
passwords. The problem is, if a user's password has expired, when they
log in they are prompted for a new password (good) but if they enter a
non-complex new password the session is closed rather than reprompting
them for another try. With some PC clients they see nothing, which is
causing a lot of support calls...

Here's the PAM configuration if that matters:

sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth sufficient pam_unix_auth.so.1 server_policy
sshd auth required pam_ldap.so.1 try_first_pass

Is there any way to reprompt the user for another password?

Regards,
Richard Dickens

