Only one chance to enter a new password?

Richard Dickens Richard.Dickens at
Thu Jan 19 23:24:19 EST 2006

Hello there,

We are using OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004 on various
Solaris boxes with PAM and an LDAP server back end.

Recently we have added a requirement for users to have complex
passwords. The problem is, if a user's password has expired, when they
log in they are prompted for a new password (good) but if they enter a
non-complex new password the session is closed rather than reprompting
them for another try. With some PC clients they see nothing which is
causing a lot of support calls...

Here's the PAM configuration if that matters:

sshd auth requisite
sshd auth required
sshd auth sufficient server_policy
sshd auth required try_first_pass

Is they any way to reprompt the user for another password?

Richard Dickens

To find out more about Reuters visit

Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.

More information about the openssh-unix-dev mailing list