Gunnar.Bluth at drkw.com
2001-Dec-19 16:46 UTC
Problems with aged passwords (Red Hat 7.x, OpenSSH 2.9.x-3.0.2p1)
We're experiencing weird problems here: The Solaris guys have user-packages, so we had to do this too for the Linux boxes (7.0, 7.1). Since some of the accounts get "easy" passwords set at install time, they are expired at once: /usr/bin/chage -m 7 -M 84 -W 14 <user> Now, at login, the user is prompted: You are required to change your password immediately (root enforced) Warning: Your password has expired, please change it now Changing password for <user> (current) UNIX password:xxxxxxxx New UNIX password:xxxxxxx (and yes, it definitly is a good one ;-) ) BAD PASSWORD: is too simple New UNIX password: and so on... 2.9.9p2 even showed what was typed in plain text, 3.x.x doesn't (at least...). /var/log/messages just says: [...] sshd(pam_unix)[20078]: expired password for user f998628 (root enforced) but no clues why pam_cracklib fails (or whatever happens..). This does nor appear on the machines (yet) using 2.5.2p2. We need the enhanced SSH2-handling, thus we really hope anybody has a solution to this... Thx in advance, Nick ---------------------------------------------------------------------- If you have received this e-mail in error or wish to read our e-mail disclaimer statement and monitoring policy, please refer to http://www.drkw.com/disc/email/ or contact the sender. ----------------------------------------------------------------------
Nalin Dahyabhai
2001-Dec-19 17:01 UTC
Problems with aged passwords (Red Hat 7.x, OpenSSH 2.9.x-3.0.2p1)
On Wed, Dec 19, 2001 at 05:46:26PM +0100, Gunnar.Bluth at drkw.com wrote:> We're experiencing weird problems here: > > The Solaris guys have user-packages, so we had to do this too for the Linux > boxes (7.0, 7.1). > Since some of the accounts get "easy" passwords set at install time, they are > expired at once: > /usr/bin/chage -m 7 -M 84 -W 14 <user> > > Now, at login, the user is prompted: > > You are required to change your password immediately (root enforced) > Warning: Your password has expired, please change it now > Changing password for <user> > (current) UNIX password:xxxxxxxx > New UNIX password:xxxxxxx (and yes, it definitly is a good one ;-) ) > BAD PASSWORD: is too simple > New UNIX password: > and so on...This is a pam_cracklib bug. Because 7.0 and 7.1 sound like version numbers of RHL, I'll point you at the update for RHL 7.1 at http://www.redhat.com/support/errata/RHBA-2001-149.html. The updates for 7.1 should work without difficulties on 7.0. Cheers, Nalin
Possibly Parallel Threads
- Problems with aged passwords (Red Hat 7.x, OpenSSH 2.9.x-3.0. 2p1)
- Strange "feature"
- Where do my RPMs actually go, and is it different for Red Hat builds?
- FAQ for Red Hat 6.x is now confusing with RHEL 6.0 and 6.1 releases.
- RE: pronunciation? -- loving CentOS doesn't mean you have to bash Red Hat