David Schultz <das_at_freebsd.org> writes: > On Tue, Aug 05, 2003, Mats Larsson wrote: >> And the following varning when password is old: >> Aug 5 12:27:38 marvin sshd[55386]: error: PAM: OK >> Aug 5 12:27:40 marvin sshd[55390]: fatal: PAM: chauthtok not supprted with privsep >> >> Is there perhaps a better PAM way of doing this things now?? > > Hmm... Apparently you can't change an expired password with a > privilege-separated OpenSSH. I don't know whether that can be > fixed, but perhaps des_at_ has some insight. It can be done, but not without cheating. You have to have the PAM support code do chauthtok as part of the authentication sequence. I've been meaning to do it for a while but haven't gotten around to it yet. DES -- Dag-Erling Smørgrav - des_at_des.noReceived on Tue Aug 05 2003 - 10:24:02 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:17 UTC