I am trying to get the latest version of openssh to work on a Solaris 9 native ldap client. We have a feature in ldap called "User must change password after reset" enabled. According to the openssh docs, it says that it will work with the "other" accounts listed in the /etc/pam.conf. We have tried a lot of different entries in the /etc/pam.conf. Does anyone have any ideas on how to get this to work? Jim Covington UNIX Systems Engineer Northrup Grumman Veterans Administration Austin Automation Center 1615 Woodward St. Austin, Texas 78772-7830 Phone: (512) 326-6635
Covington, Jimmy D. (NGIT) wrote:> I am trying to get the latest version of openssh to work on a Solaris 9 > native ldap client. We have a feature in ldap called "User must change > password after reset" enabled. According to the openssh docs, it says that > it will work with the "other" accounts listed in the /etc/pam.conf.Actually it will use argv[0] (usually "sshd") if it's present, otherwise it will use "other".> We have > tried a lot of different entries in the /etc/pam.conf. Does anyone have any > ideas on how to get this to work?Did you enable PAM at build time and in sshd_config (ie "UsePAM yes")? If PAM reports the account's password is expired then sshd should force a change. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Seemingly Similar Threads
- what should a virtio-mmio transport without a backend look like?
- what should a virtio-mmio transport without a backend look like?
- [PATCH 0/3] virtio: Clean up scatterlists and use the DMA API
- [PATCH 0/3] virtio: Clean up scatterlists and use the DMA API
- what should a virtio-mmio transport without a backend look like?