Re: warnpassword and warnexpire in 5.1 login.conf

From: Dag-Erling Smørgrav <des_at_des.no>
Date: Tue, 05 Aug 2003 21:23:56 +0200
David Schultz <das_at_freebsd.org> writes:
> On Tue, Aug 05, 2003, Mats Larsson wrote:
>> And the following varning when password is old:
>> 	Aug  5 12:27:38 marvin sshd[55386]: error: PAM: OK
>> 	Aug  5 12:27:40 marvin sshd[55390]: fatal: PAM: chauthtok not supprted with privsep
>> 
>> Is there perhaps a better PAM way of doing this things now??
>
> Hmm... Apparently you can't change an expired password with a
> privilege-separated OpenSSH.  I don't know whether that can be
> fixed, but perhaps des_at_ has some insight.

It can be done, but not without cheating.  You have to have the PAM
support code do chauthtok as part of the authentication sequence.
I've been meaning to do it for a while but haven't gotten around to it
yet.

DES
-- 
Dag-Erling Smørgrav - des_at_des.no
Received on Tue Aug 05 2003 - 10:24:02 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:17 UTC