search for: new_authtok_msg

...inuing, like with Linux console login. I've tried to make an patch, but it doesn't work. Ideas? --- auth-pam.c.org Wed Oct 11 18:03:43 2000 +++ auth-pam.c Wed Oct 11 18:03:44 2000 @@ -36,9 +36,6 @@ RCSID("$Id: auth-pam.c,v 1.12 2000/08/29 22:57:50 djm Exp $"); -#define NEW_AUTHTOK_MSG \ - "Warning: You password has expired, please change it now" - /* Callbacks */ static int pamconv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); @@ -175,11 +172,17 @@ pam_retval = pam_acct_mgmt((pam_handle_t *)pamh...

...he patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh", remove unnecessary casts "(pam_handle_t *)" * fix typo in NEW_AUTHTOK_MSG * extend pamconv() to support real interactive prompting and display, in addition to the kludge to feed the user's password into PAM during initial login * add function do_pam_chauthtok() to call pam_chauthtok() if needed, once interactive session has been established auth-pam.h: * add prototy...

...-------- Index: auth-pam.c =================================================================== RCS file: /cvs/openssh/auth-pam.c,v retrieving revision 1.54 diff -u -r1.54 auth-pam.c --- auth-pam.c 28 Jul 2002 20:24:08 -0000 1.54 +++ auth-pam.c 21 Dec 2002 11:39:05 -0000 @@ -42,8 +42,6 @@ #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now." -#define NEW_AUTHTOK_MSG_PRIVSEP \ - "Your password has expired, the session cannot proceed." static int do_pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdat...

...----- Index: auth-pam.c =================================================================== RCS file: /cvs/openssh/auth-pam.c,v retrieving revision 1.54 diff -u -u -r1.54 auth-pam.c --- auth-pam.c 28 Jul 2002 20:24:08 -0000 1.54 +++ auth-pam.c 10 Dec 2002 12:34:10 -0000 @@ -42,8 +42,6 @@ #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now." -#define NEW_AUTHTOK_MSG_PRIVSEP \ - "Your password has expired, the session cannot proceed." static int do_pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdat...

...ot.org ReportedBy: don.sudom at dahlt.com Expired accounts fail with "PAM rejected by account configuration" error message. I noticed that this functionality has been disabled in auth-pam.c #if 0 case PAM_NEW_AUTHTOK_REQD: message_cat(&__pam_msg, use_privsep ? NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG); /* flag that password change is necessary */ password_change_required = 1; /* disallow other functionality for now */ no_port_forwarding_flag |= 2; no_agent_forwarding_flag |= 2; no_x11_forwarding_flag |= 2; break; #endif ------- You are receiving...

...ecifically the reasons for the commented part of the PAM account expiration part in auth-pam.c. Why this part of the code is not used in 3.5p1? Is there any specific reasons for not using this part of the code? #if 0 case PAM_NEW_AUTHTOK_REQD: message_cat(&__pam_msg, use_privsep ? NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG); /* flag that password change is necessary */ password_change_required = 1; /* disallow other functionality for now */ no_port_forwarding_flag |= 2; no_agent_forwarding_flag |= 2; no_x11_forwarding_flag |= 2; break; #endif Please reply. Thanks Logs...

...ng about: switch (pam_retval) { case PAM_SUCCESS: /* This is what we want */ break; #if 0 case PAM_NEW_AUTHTOK_REQD: message_cat(&__pam_msg, use_privsep ? NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG); /* flag that password change is necessary */ password_change_required = 1; /* disallow other functionality for now */ no_port_forwarding_flag |= 2; no_...

...1p1-orig/auth-pam.c Wed Feb 14 18:51:32 2001 +++ openssh-2.5.1p1/auth-pam.c Thu Feb 22 10:50:10 2001 @@ -33,6 +33,8 @@ #include "canohost.h" #include "readpass.h" +extern char *__progname; + RCSID("$Id: auth-pam.c,v 1.29 2001/02/15 00:51:32 djm Exp $"); #define NEW_AUTHTOK_MSG \ diff -urN openssh-2.5.1p1-orig/ssh.h openssh-2.5.1p1/ssh.h --- openssh-2.5.1p1-orig/ssh.h Mon Feb 5 09:43:59 2001 +++ openssh-2.5.1p1/ssh.h Thu Feb 22 10:50:20 2001 @@ -61,7 +61,7 @@ #define SSH_SERVICE_NAME "ssh" #if defined(USE_PAM) && !defined(SSHD_PAM_SERVICE) -# define...

Trying 2.1.1p2 on HP-UX 11 (trusted system) I get: Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on. Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector. Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk" Jul 3

...rd_change_required; /* remember whether the last pam_authenticate() succeeded or not */ static int was_authenticated = 0; @@ -256,7 +256,6 @@ case PAM_SUCCESS: /* This is what we want */ break; -#if 0 case PAM_NEW_AUTHTOK_REQD: message_cat(&__pam_msg, use_privsep ? NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG); @@ -267,7 +266,6 @@ no_agent_forwarding_flag |= 2; no_x11_forwarding_flag |= 2; break; -#endif default: log("PAM rejected by account configuration[%d]: " "%.200s", pam_retval, PAM_STRERROR(__pamh, @@ -352,6 +350,8 @@ if...

...33 2000 +++ openssh-2.1.1p4-hein/auth-pam.c Sun Aug 27 18:05:44 2000 @@ -33,12 +33,15 @@ #include "ssh.h" #include "xmalloc.h" #include "servconf.h" +#include "packet.h" RCSID("$Id: auth-pam.c,v 1.11 2000/07/09 12:42:33 djm Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: You password has expired, please change it now" +static void start_pam2(struct passwd *pw, int auth_type); + /* Callbacks */ static int pamconv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); @@ -53,6 +56,7 @@ static stru...

Hi, I'm using openssh3.1p1 and I'm having some problem with password aging with ssh protocol 2. Every time a password expires and I try to login I get the following message ssh username at hostname username at hostname's password: Warning: Your password has expired, please change it now Enter login password: removing root credentials would break the rpc services that use secure rpc