Displaying 10 results from an estimated 10 matches for "force_pwchang".
Did you mean:
force_pwchange
2004 Feb 07
14
[Bug 14] Can't change expired /etc/shadow password without PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=14
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |793
nThis| |
------- You are receiving this mail because: -------
You are on the CC list for
2004 Mar 04
3
[Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired
...ugs at mindrot.org
ReportedBy: buckh at pobox.com
if you don't authenticate via pam/keyboard-interactive, then when
do_pam_account figures out your password is expired and calls
pam_password_change_required, the latter will probably segfault when it
dereferences the uninitialized int *force_pwchange. this is b/c, if you
don't authenticate using the PRIVSEP(sshpam_device), sshpam_init_ctx is
never called, so force_pwchange isn't properly initialized
i'll attach a workaround patch, but not without serious misgivings about
how crappy it is, so it won't hurt my feelings if you co...
2018 May 24
2
Password change required but no TTY available
...+extern struct sshauthopt *auth_opts;
#define DAY (24L * 60 * 60) /* 1 day in seconds */
#define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */
@@ -122,8 +123,11 @@ auth_password(struct ssh *ssh, const char *password)
}
#endif
result = sys_auth_passwd(ssh, password);
- if (authctxt->force_pwchange)
+ if (authctxt->force_pwchange) {
auth_restrict_session(ssh);
+ /* Allow password change via pty */
+ auth_opts->permit_pty_flag = 1;
+ }
return (result && ok);
}
Is this an intentional change (auth_restrict_session) or is just an
oversight to enable the PTY back to allow...
2006 May 03
8
[Bug 1188] keyboard-interactive should not allow retry after pam_acct_mgmt fails
http://bugzilla.mindrot.org/show_bug.cgi?id=1188
Summary: keyboard-interactive should not allow retry after
pam_acct_mgmt fails
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
2006 Oct 02
2
[Bug 1241] Connections to Tru64 hosts hang when password is expired.
...ng users completely out of the system unless they
always change their passwords before they expire, or there is an
alternate access path (such as telnet) to work around the problem.
The attached patch corrects this issue for password-based
authentication by checking the password status and setting
force_pwchange when appropriate.
Other authentication methods (including my favorite, public-key-based)
are still screwed up because I couldn't figure out where to hook in the
password check. :-p
I hope this patch, or better yet an improved more comprehensive
version, will be included in future releases....
2004 Apr 23
1
Solaris core dumps
...problem. I know
it looks like an odd combination, but regardless of how I choose to
authenticate, my account is still accessible via a password in so many
ways, and so that password must be changed regularly.
sshd appears to be crashing in pam_password_change_required(). I can
only assume that force_pwchange is not initialised. I'll know soon
after I get a version of openssh built with debugging symbols, but
that'll have to wait until Monday.
Lloyd
2018 Nov 27
3
Where is password expiration notice period
In our password settings we have:
> samba-tool domain passwordsettings show
:
Password complexity: on
Store plaintext passwords: off
:
Minimum password age (days): 0
Maximum password age (days): 90
:
I don't find any setting for how many days before the expiration to warn users about the
pending expiration. On Windows, users seem to get notified about a pending password expiration
at
2006 Sep 18
1
BSD Auth: set child environment variables requested by login script [PATCH]
...- usr.bin/ssh/auth-passwd.c 2006/08/03 03:34:41 1.40
+++ usr.bin/ssh/auth-passwd.c 2006/09/18 09:35:52
@@ -144,7 +144,7 @@
if (as == NULL)
return (0);
if (auth_getstate(as) & AUTH_PWEXPIRED) {
- auth_close(as);
+ auth_close_do_env(authctxt, as);
disable_forwarding();
authctxt->force_pwchange = 1;
return (1);
@@ -153,7 +153,7 @@
expire_checked = 1;
warn_expiry(authctxt, as);
}
- return (auth_close(as));
+ return (auth_close_do_env(authctxt, as));
}
}
#else
Index: usr.bin/ssh/auth.h
===================================================================
RCS file: /cvs/sr...
2005 Feb 24
3
Suggestion: SSHD pseudo/fake mode. Source available.
Hi,
SSH brute force attacks seem to enjoy increasing popularity. Call me an
optimist or a misrouted kind of contributer to the community, but on our
company server I actually go through the logs and report extreme cases
to the providers of the originating IP's. With the increasing number of
these attacks, however, I have now decided that it's better to move the
SSHd to a different
2004 Apr 07
2
Requiring multiple auth mechanisms
I looked around for a while, but couldn't find any code for requiring multiple
authentication mechanisms in openssh. So I wrote an implemention.
I thought at first I should change the PasswordAuthentication,
PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some
funky stuff in auth2.c with respect to keyboard interactive auth that would make
this kind of