[Bug 1065] password expiration and SSH keys don't go well together
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Aug 4 17:09:50 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=1065
------- Additional Comments From joss at debian.org 2005-08-04 17:09 -------
Here is the PAM configuration (using RHEL 3.0, except for the pam_ldap module,
version 178, and the sshd daemon, version 4.1p1).
auth required /lib/security/$ISA/pam_env.so
auth [success=1 default=ignore] /lib/security/$ISA/pam_unix.so nullok_secure
auth required /usr/local/lib64/ldap/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_permit.so
account sufficient /usr/local/lib64/ldap/pam_ldap.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /usr/local/lib64/ldap/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
session required /lib/security/$ISA/pam_limits.so
#session sufficient /usr/local/lib64/ldap/pam_ldap.so use_authtok
session required /lib/security/$ISA/pam_unix.so
Commenting out the session pam_ldap stanza or uncommenting it doesn't change the
behavior.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list