Bluth, Gunnar
2001-Dec-19 17:30 UTC
Problems with aged passwords (Red Hat 7.x, OpenSSH 2.9.x-3.0. 2p1)
Ooops, I missed that one, sorry. I'll see if it helps. Thx. Nick Nick (Gunnar) Bluth Linux Systems Administrator Dresdner Kleinwort Wasserstein Dresdner Bank AG Global Business Services <mailto: gunnar.bluth at DrKW.com> IT Operational Integrity Voice: +49 69 263 57913 (97000 - 57913) J?rgen-Ponto-Platz 1 Fax: +49 69 263 16994 (97000 - 16994) D-60301 Frankfurt am Main Mobile: +49 172 8853339 Linux Admin Team: <mailto: DrKWlinux at DrKW.com> Linux Support Team: <mailto:DrKWfftlinuxsupport at DrKW.com>> -----Original Message----- > From: Nalin Dahyabhai [SMTP:nalin at redhat.com] > Sent: 19 December 2001 18:01 > To: Gunnar.Bluth at drkw.com > Cc: openssh-unix-dev at mindrot.org > Subject: Re: Problems with aged passwords (Red Hat 7.x, OpenSSH > 2.9.x-3.0.2p1) > > On Wed, Dec 19, 2001 at 05:46:26PM +0100, Gunnar.Bluth at drkw.com wrote: > > We're experiencing weird problems here: > > > > The Solaris guys have user-packages, so we had to do this too for the > Linux > > boxes (7.0, 7.1). > > Since some of the accounts get "easy" passwords set at install time, > they are > > expired at once: > > /usr/bin/chage -m 7 -M 84 -W 14 <user> > > > > Now, at login, the user is prompted: > > > > You are required to change your password immediately (root enforced) > > Warning: Your password has expired, please change it now > > Changing password for <user> > > (current) UNIX password:xxxxxxxx > > New UNIX password:xxxxxxx (and yes, it definitly is a good one > ;-) ) > > BAD PASSWORD: is too simple > > New UNIX password: > > and so on... > > This is a pam_cracklib bug. Because 7.0 and 7.1 sound like version > numbers of RHL, I'll point you at the update for RHL 7.1 at > http://www.redhat.com/support/errata/RHBA-2001-149.html. The updates > for 7.1 should work without difficulties on 7.0. > > Cheers, > > NalinIf you have received this e-mail in error or wish to read our e-mail disclaimer statement and monitoring policy, please refer to http://www.drkw.com/disc/email/ or contact the sender.