Connection terminates just after changing the password for user whose password was expired.
MAYANK SHARMA
mayank.fit2010 at gmail.com
Tue Jun 19 22:10:24 AEST 2018
Hi All,
Is anyone aware of this behavior ?
On Fri, Jun 15, 2018 at 3:55 PM, MAYANK SHARMA <mayank.fit2010 at gmail.com>
wrote:
> Hi ,
>
> I am using OpenSSH7.5 on AIX platform and I was testing the same against
> the user's password expired functionality.
> Normally when password is expired and if I do telnet , it will prompt for
> password change and at the same time user will allowed to logged in
> successfully.
> But when I try the same with ssh, it prompts me for password change and
> after changing the password, the connection terminates.
>
> Recreation steps -
> -------------------------
> 1. Create any user and set the password of that user with root user.
> 2. Run the following command ssh user at localhost
> 3. It will prompt for password. Give password appropriately.
> 4. You will see connection will terminate just after giving the password
> as shown below -
>
> # ssh tstuser at localhost
> tstuser at localhost's password:
> [compat]: 3004-610 You are required to change your password.
> Please choose a new one.
> ************************************************************
> *******************
> *
> *
> *
> *
> * Welcome to AIX Version 7.1!
> *
> *
> *
> *
> *
> * Please see the README file in /usr/lpp/bos for information pertinent
> to *
> * this release of the AIX Operating System.
> *
> *
> *
> *
> *
> ************************************************************
> *******************
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for "tstuser"
> tstuser's Old password:
> tstuser's New password:
> Enter the new password again:
> Connection to localhost closed.
>
>
>
> I went through the source code and what I came to know that in file
> "session.c" , there is function "do_pwchange", which includes "exit(1)"
> just after the password change.
>
>
> static void
> do_pwchange(Session *s)
> {
> fflush(NULL);
> fprintf(stderr, "WARNING: Your password has expired.\n");
> if (s->ttyfd != -1) {
> fprintf(stderr,
> "You must change your password now and login again!\n");
> #ifdef WITH_SELINUX
> setexeccon(NULL);
> #endif
> #ifdef PASSWD_NEEDS_USERNAME
> execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
> (char *)NULL);
> #else
> execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);
> #endif
> perror("passwd");
> } else {
> fprintf(stderr,
> "Password change required but no TTY available.\n");
> }
> exit(1);
> }
>
>
>
> Therefore, I want to know why "exit(1)" is placed just after password
> change and why user is not allowed to logged in at the same time when he
> changed the password .
>
> --
> *Thanks & Regards :*
> *Mayank Sharma *
>
--
*Thanks & Regards :*
*Mayank Sharma *
More information about the openssh-unix-dev
mailing list