Expired password handling in openssh-2.5.1p1/2

[Dan Kaminsky]

> Are there plans, or does someone have a fix, for having openssh force
> users to change passwords when they're expired?
>
> Right now the program closes the connection....the commercial ssh
> manages to exec /bin/passwd after they enter their current password.
>
> Any ideas?

Hmm, does PAM send back a special message when the password needs to be
changed?

I could envision changing the user shell to /bin/passwd if PAM complains...

--Dan