Usability issue when forced to change password when logging in to a system

John Olsson M john.m.olsson at ericsson.com
Wed Jan 28 00:34:33 AEDT 2015 

Thank you Darren!
> It could be PAM.   What is odd is that the transcript you originally 
> posted does not contain the text "You must change your password now 
> and login again!" which sshd prints when it changes passwd by exec'ing 
> /bin/passwd.
>
Actually, once password has been successfully changed the login process 
continues and you finally get a prompt. No need to go through the 
"logout + login" procedure.


> If you are investigating PAM's behaviour you might want to try the 
> test harness tool I wrote for this purpose: 
> http://www.dtucker.net/patches/#pamtest
>
Thank you! :)


/John


On 2015-01-27 13:02, Darren Tucker wrote:
> On Tue, Jan 27, 2015 at 6:40 AM, John Olsson M 
> <john.m.olsson at ericsson.com <mailto:john.m.olsson at ericsson.com>> wrote:
>
>     Why don't you try? All arguments are better received with a patch.
>
>     Sure! :)
>
>     Where can I find instructions on how to setup my own build and
>     test environment for OpenSSH development on Ubuntu 14.04?
>
>
> The general requirements and build instructions are in the INSTALL 
> file.  The -dev packages you need for Debian based distros like Ubuntu 
> are listed in README.platform.
>
>     Any official OpenSSH design rules I should consider (apart from
>     following the style already used in the source code)?
>
>
> OpenSSH follows the OpenBSD style:
> http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/style.9
>
>     The initial dialog example (that motivated me to send the initial
>     email to the list) comes from a system based on SLED 11 SP3.
>
>     When checking, the actual dialog presented at login is identical
>     to what happens when you run the passwd command in the shell to
>     change your password. Thus it seems like the dialog texts does not
>     originate from OpenSSH itself. So the "culprit" might actually be
>     PAM...
>
>
> It could be PAM.   What is odd is that the transcript you originally 
> posted does not contain the text "You must change your password now 
> and login again!" which sshd prints when it changes passwd by exec'ing 
> /bin/passwd.
>
> If you are investigating PAM's behaviour you might want to try the 
> test harness tool I wrote for this purpose: 
> http://www.dtucker.net/patches/#pamtest
>
> -- 
> Darren Tucker (dtucker at zip.com.au <http://zip.com.au>)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.

More information about the openssh-unix-dev mailing list