Usability issue when forced to change password when logging in to a system
John Olsson M
john.m.olsson at ericsson.com
Fri Jan 23 21:52:13 AEDT 2015
Hi,
What I am about to describe is something that has existed for a very
long time, but it is still a usability issue. :)
When logging in to a system and the system detects that the password has
expired and needs to be changed, this happens:
Login As: Foobar
Password:
Your password has expired. Choose a new password.
Old Password:
Now the user has just read the text
"Your password has expired. Choose a new password.".
This means that the user has already started thinking about what
password to change to. The mind is set on the new password. And almost
always (consistently) the "Old " prefix is lost. You just start typing
the new password. And *bam* you are in password change hell and get
extremely frustrated as a result.
This has been observed with numerous people.
If you combine this with draconian password policies you are very close
to snapping. ;)
In the OpenSSH source code it looks like OpenSSH does not cache and copy
the authentication password back to the PAM stack when password change
is invoked. Instead OpenSSH gets it again from the tty leading to the
above usability issue.
So I am wondering if there is any reason for doing it like this? And if
not, could this please be fixed in an upcoming release of OpenSSH? Or
perhaps there is already a configuration setting for tweaking this behavior?
/John
--
John Olsson
Ericsson AB
GSM BSC/BSS System Management