On Tue, Aug 05, 2003, Mats Larsson wrote: > Sure, run cap_mkdb on every edit on login.conf > > The values im trying to use there are the following: > :warnexpire=28d:\ > :warnpassword=14d:\ > > And with pw i use the following to test with: (also with -e option) > pw usermod user -p +10d > > The only thing im getting now is i warning in messages when i try to login > into a locked account. > > Aug 5 12:14:39 marvin sshd[55256]: error: PAM: user accound has expired This looks reasonable. > And the following varning when password is old: > Aug 5 12:27:38 marvin sshd[55386]: error: PAM: OK > Aug 5 12:27:40 marvin sshd[55390]: fatal: PAM: chauthtok not supprted with privsep > > Is there perhaps a better PAM way of doing this things now?? Hmm... Apparently you can't change an expired password with a privilege-separated OpenSSH. I don't know whether that can be fixed, but perhaps des_at_ has some insight.Received on Tue Aug 05 2003 - 06:25:47 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:17 UTC