password aging question

Darren Tucker dtucker at zip.com.au
Mon May 17 17:44:58 EST 2004


BRADLEY PENDERGAST wrote:
> Vesion 3.8.1 of OpenSSH has been compiled on a Solaris 8 host. I am having
> difficulties in enabling password aging to work from reading
> /etc/default/passwd and /etc/shadow.

Do you mean 3.8p1 or 3.8.1p1?

> # passwd -f < user-id > works satisfactorily however once a password ages
> through due course from the settings in /etc/default/passwd and /etc/shadow
> the users are not prompted to change passwords and the user is logged out
> immediatetly.

That sounds a bit like exec'ing /usr/bin/passwd is failing in that case, 
but that's just a guess.

[...]
> Does password aging work with OpenSSH?

It should work in the current version (3.8.1p1), if it doesn't then 
there's a bug somewhere.  I just tried it on my Solaris 8 box with an 
artificially aged password and it worked as expected.

 ># ./configure --prefix=/opt/ssh \
[...]
 >> --with-pgp --with-nologin-allow=/etc/nolgin.allow \

OpenSSH's configure does not have those options.  Are you using a 
vanilla source tree?

Could you please run the server in debug mode and connect with an 
account that has an expired password (eg "/path/to/sshd -ddd -p 2022" 
then connect with "ssh -p 2022 user at yourserver").  Please post the 
output here (also, the corresponding entry from /etc/shadow, minus the 
encrypted password).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list