Usability issue when forced to change password when logging in to a system

Darren Tucker dtucker at zip.com.au
Tue Jan 27 23:02:19 AEDT 2015


On Tue, Jan 27, 2015 at 6:40 AM, John Olsson M <john.m.olsson at ericsson.com>
wrote:

> Why don't you try? All arguments are better received with a patch.
>
> Sure! :)
>
> Where can I find instructions on how to setup my own build and test
> environment for OpenSSH development on Ubuntu 14.04?


The general requirements and build instructions are in the INSTALL file.
The -dev packages you need for Debian based distros like Ubuntu are listed
in README.platform.


> Any official OpenSSH design rules I should consider (apart from following
> the style already used in the source code)?
>

OpenSSH follows the OpenBSD style:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/style.9


> The initial dialog example (that motivated me to send the initial email to
> the list) comes from a system based on SLED 11 SP3.
>
> When checking, the actual dialog presented at login is identical to what
> happens when you run the passwd command in the shell to change your
> password. Thus it seems like the dialog texts does not originate from
> OpenSSH itself. So the "culprit" might actually be PAM...


It could be PAM.   What is odd is that the transcript you originally posted
does not contain the text "You must change your password now and login
again!" which sshd prints when it changes passwd by exec'ing /bin/passwd.

If you are investigating PAM's behaviour you might want to try the test
harness tool I wrote for this purpose:
http://www.dtucker.net/patches/#pamtest

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list