bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-12 13:50 UTC
[Bug 2018] New: sshd not handling PAM_NEW_AUTHTOK_REQD properly
https://bugzilla.mindrot.org/show_bug.cgi?id=2018 Bug #: 2018 Summary: sshd not handling PAM_NEW_AUTHTOK_REQD properly Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: unassigned-bugs at mindrot.org ReportedBy: ssanders at opnet.com Created attachment 2164 --> https://bugzilla.mindrot.org/attachment.cgi?id=2164 Zone in auth-pam.c where issue lies. Near line 482 in auth-pam.c, sshpam_password_change_required(0) is called. This will have the effect of preventing PAM_NEW_AUTHTOK_REQD from being transmitted back to the parent process. In turn, this will prevent any password updates from occurring at login time. If one comments the line out or changes to sshpam_password_change_required(1), sshd will prompt for a new user password and process the password update as anticipated. This is used to support password expiration. The normal flow should be authenticate -> password update -> authenticate using new password. I've listed 6.0p1 but it is in all versions 5.2p1 and greater. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-12 21:13 UTC
[Bug 2018] sshd not handling PAM_NEW_AUTHTOK_REQD properly
https://bugzilla.mindrot.org/show_bug.cgi?id=2018 Stephen Sanders <ssanders at opnet.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID --- Comment #1 from Stephen Sanders <ssanders at opnet.com> 2012-06-13 07:13:25 EST --- This was a problem with the pam module that was handling password expiration. Sorry for the bother. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
Possibly Parallel Threads
- [Bug 2018] sshd not handling PAM_NEW_AUTHTOK_REQD properly
- [Bug 129] New: PAM with ssh authentication fails treat PAM_NEW_AUTHTOK_REQD properly
- PATCH: Public key authentication defeats passwd age warning.
- [Bug 129] PAM with ssh authentication fails treat PAM_NEW_AUTHTOK_REQD properly
- sshd and password expiration