Hi there,
is there any reason why the code for supporting expired PAM accounts in
auth-pam.c:do_pam_account is commented out?
Ie. it is not possible to log in to an expired account. When you enable this,
the login procedure asks for a new password - all of this seems to work fine.
This was enabled in version 3.1 or so, but now?
Thanks
Stephan
--
Stephan M?ller Stephan.Mueller at atsec.com
Whenever you eliminate the impossible, whatever
remains, however improbable, must be the truth.
On Mon, 24 Jun 2002, Stephan Mueller wrote:> Hi there, > > is there any reason why the code for supporting expired PAM accounts in > auth-pam.c:do_pam_account is commented out? > > Ie. it is not possible to log in to an expired account. When you enable this, > the login procedure asks for a new password - all of this seems to work fine. > > This was enabled in version 3.1 or so, but now? >There are conflicts in the way PAM works and how PrivSep works. It's on the list of things to fix. - Ben
Apparently Analagous Threads
- PAMAuthenticationViaKbdInt and KeyAuth
- [Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired
- [Bug 256] New: Expired password unchangeable again with pam support
- patch: openssh empty password fail with pam/sshv1
- [PATCH]: Call pam_chauthtok from keyboard-interactive.