similar to: [Bug 1065] password expiration and SSH keys don't go well together

http://bugzilla.mindrot.org/show_bug.cgi?id=1065 Summary: password expiration and SSH keys don't go well together Product: Portable OpenSSH Version: 4.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: bitbucket at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=1065 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #16 from dtucker at zip.com.au 2006-10-07 11:41 ------- Change all RESOLVED bug to CLOSED with the exception

Dear all Lets say I have a plain text file as follows: > cat(c("[ID: 001 ] [Writer: Steven Moffat ] [Rating: 8.9 ] Doctor Who", + "[ID: 002 ] [Writer: Joss Whedon ] [Rating: 8.8 ] Buffy", + "[ID: 003 ] [Writer: J. Michael Straczynski ] [Rating: 7.4 ] Babylon [5]"), + sep = "\n", file = "tmp.txt") I would somehow like to read

Hi, The Solaris password requirements like a. no empty password b. minimum 6 chars etc for a regualr user are not enforced when a password expired user is changing password at the SSH login prompt. The version of openSSH I am using is 3.8.1 and Solaris 8 is where the sshd is running. Is anybody aware of this problem? Is there some configuration option I can use to enforce these password

http://bugzilla.mindrot.org/show_bug.cgi?id=740 ------- Additional Comments From dtucker at zip.com.au 2003-11-19 23:20 ------- According to the man page, pam_ldap doesn't support account management. $ man pam_ldap [snip] The pam_ldap.so.1 module supports two components: the Authentication component and the Password management com- ponent. ------- You are

Hi. I'm one of the OpenSSH developers, and I've done some of the work on sshd's PAM interface recently. I've discovered some behaviour peculiar to LinuxPAM that I can't explain: changing the conversation function does not appear to work, even though the pam_set_item() call claims to succeed. The previous conversation function is still called. Background: the PAM API

Greetings. I have problem with password expiration problem i cannot handle myself, so i wrote in this list. Recently i discovered that a newly created samba account has already expired password. smbldap-useradd -a -d /home/tommy -G education -s /bin/bash -M tommy -c "Tommy T." tommy smbldap-passwd tommy getent shadow user:*:::::::0 user2:*:::::::0 user3:*:::365::::0

http://bugzilla.mindrot.org/show_bug.cgi?id=423 ------- Additional Comments From michael_steffens at hp.com 2002-11-02 02:40 ------- Created an attachment (id=162) --> (http://bugzilla.mindrot.org/attachment.cgi?id=162&action=view) Patch: Workaround for pw change in privsep mode (3.5.p1) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are

Hi folks, I came across this issue on both stock CentOS(v6.4) and Ubuntu(14.04 LTS) and was wondering if any of you have seen it. As far as I can tell this seems like a day-1 bug to me. PROBLEM: If I expire a linux user's password (passwd -e <user>) and then log in via ssh, it will prompt you for a password change. On changing the password successfully, sshd will drop the connection

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

Hi, I am authenticating users on our linux servers using nslcd/pam_ldap. Authentication is fine, however, it is not possible for the user to change the password from the server. Is there a way to make it work ? [Guilherme at server ~]$ passwd Changing password for user Guilherme. passwd: Authentication token manipulation error Oct 8 14:37:53 server passwd: pam_unix(passwd:chauthtok): user

Dear all, I regret that I am very new to this tool from the install side. I have so far altered shares on a running machine only. I have (thanks to Joss for some help already) installed version 3.4.3 under AIX 6.1 giving it our preferred base directory of /opt/freeware/samba/3.4.3 I have copied over the smb.conf file from the source machine (AIX 5.2 / Samba 2.0.7) and tweaked the content of

[ Sorry for the length of this; I felt it better to provide potentially too much info, rather than not enough. I've probably missed something that's important, though! ] I have an odd problem with 5.1p on RHEL3 if "UsePAM yes" and "UsePrivilegeSeparation no" is set. The code detects that the user password is aged (according to shadow) but then fails to let me

Dear all, I regret that I am very new to this tool from the install side. I have so far altered shares on a running machine only. I have (thanks to Joss for some help already) installed version 3.4.3 under AIX 6.1 giving it our preferred base directory of /opt/freeware/samba/3.4.3 I have copied over the smb.conf file from the source machine (AIX 5.2 / Samba 2.0.7) and tweaked the content of

Hi Rowland, This is a CentOS 6.7 server. I was able to make some progress. I have edited /etc/pam.d/system-auth, and now it looks like: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account

Hi, I've searched through the archives, and through the Wiki, for a few answers or suggestions regarding CRM style information for incoming calls (like pop-ups etc, and other CTI style interactivity) and outgoing calls (web dialing and other apps like agent management). So far, the best I've found is a thread that suggests that somebody should read a previous thread. I've back

Hi All. This patch calls pam_chauthtok() to change an expired password via PAM during keyboard-interactive authentication (SSHv2 only). It is tested on Redhat 8 and Solaris 8. In theory, it should have simply been a matter of calling pam_chauthtok with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is if it's expired, right? From the Solaris pam_chauthtok man page:

Okay, I'm confused again. They way you guys are talking about the conversation routine, it would seem that you think it is a way to fetch something from the user - like a new password. Is this possible? Does calling pam_chauthtok() cause the underlying pam_sm_chauthtok() eventually print something on stdout and read a new password from stdin (the socket to the client) using the conversation

I have removed use_auhtok from /etc/pam.d/system-auth and now passwd is "kind of" working... I am still able to login with my old password and the new one also. But only on the linux servers that are authenticating through LDAP. On my workstation only the old password (the one I was trying to change through passwd(ssh)) works. I have noticed that my user now has a userPassword

When we installed OpenSSH 2.1.1p4 on our Solaris systems, our users noticed that it did not honor password expiration consistently with other Solaris login services. The patch below is against OpenSSH 2.2.0p1 and adds support for PAM password changes on expiration via pam_chauthtok(). A brief summary of changes: auth-pam.c: * change declaration of pamh to "static pam_handle_t *pamh",