[Bug 1065] password expiration and SSH keys don't go well together
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Dec 7 09:53:02 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=1065
------- Comment #12 from dtucker at zip.com.au 2005-12-07 09:53 -------
(From update of attachment 1036)
This looks like the reason:
>PAM: pam_chauthtok(): User not known to the underlying authentication module
I suspect that the chauthtok() in the pam_ldap module relies on something set
earlier during the authenticate(), and is bailing when it's not present due to
the authentication being done via public-key and not PAM. If that's the case,
I can't see anything sshd can do to make pam_chauthtok() work under those
conditions, it would require (probably minor) surgery on pam_ldap.
As a workaround you can try enabling UsePrivilegeSeparation: this will cause
sshd to exec /usr/bin/password to change the password, rather than using
pam_chauthtok() directly.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list