5.1p on RHEL 3 and password expiration
lists at spuddy.org
Sat Oct 18 06:21:41 EST 2008
On Fri, Oct 17, 2008 at 11:35:35AM +1100, Darren Tucker wrote:
> You could disable PasswordAuthentication and require Protocol 2 with
> keyboard-interactive authentication, which will probably work since it
> does both authentication and password change through the same
> conversation function).
That seemed to work just fine;
< PasswordAuthentication yes
> PasswordAuthentication no
< ChallengeResponseAuthentication no
> ChallengeResponseAuthentication yes
$ ssh fred at localhost
You are required to change your password immediately (password aged)
Changing password for fred
(current) UNIX password:
New UNIX password:
Retype new UNIX password:
Last login: Fri Oct 17 15:15:18 2008 from localhost.localdomain
> It would be possible to hack around in sshd, however I don't think it's
> worth the effort since it's demonstrably a (since fixed) LinuxPAM bug.
And the ChallengeResponseAuthentication acts as a sufficient workaround
for the older systems.
Thank you very much!
More information about the openssh-unix-dev