Password change on first login via ssh

Boyd Kelly boyd.kelly at businessobjects.com
Thu Sep 1 21:28:56 UTC 2005


Hi Tomas,

Thanks a lot for this information.  I applied the most recent openssh
rpms (3.6.1p2-33.30.4.i386) to a test RH AS 3.0 system.  This worked in
that it now produces the same result as RH AS 2.1.  That is if the user
tries to log in remotely via ssh they are prompted for a 'password'.  If
the user type anything/gargage, and presses enter they will be then
prompted to change their password at first login.

But this of course still isn't ideal.  The expected result should be
that the user is prompted immediately to change their password.  (In the
case of a new users account, the user would not know what to enter if
the system prompts them to enter a password.)

As mentioned below this works well on a Gentoo box.  I noticed that it
seems to be broken again in RH 4.0 with  openssh-server-3.9p1-8.RHEL4.4.

Should I file a bugzilla report for this?

Thanks,

Boyd

Boyd Kelly | Systems Administrator | Business Objects
Tel: +1 604-974-2831 | Cell: +1 604-505-0613
www.businessobjects.com
Access. Analyze. Report. Share


Updated RPMs on RH AS 3.0:

openssh-3.6.1p2-33.30.4.i386.rpm
openssh-askpass-3.6.1p2-33.30.4.i386.rpm
openssh-askpass-gnome-3.6.1p2-33.30.4.i386.rpm
openssh-clients-3.6.1p2-33.30.4.i386.rpm
openssh-server-3.6.1p2-33.30.4.i386.rpm

Boyd Kelly | Systems Administrator | Business Objects
Tel: +1 604-974-2831 | Cell: +1 604-505-0613
www.businessobjects.com
Access. Analyze. Report. Share
 

>-----Original Message-----
>From: pam-list-bounces at redhat.com 
>[mailto:pam-list-bounces at redhat.com] On Behalf Of Tomas Mraz
>Sent: Tuesday, August 30, 2005 12:52 PM
>To: Pluggable Authentication Modules
>Subject: Re: Password change on first login via ssh
>
>On Tue, 2005-08-30 at 12:24 -0700, Boyd Kelly wrote:
>> Hello,
>> 
>> I am having a problem getting RH 3.0 to prompt user to 
>change password 
>> on first login with ssh.  This works more or less ok on RH 2.1, 
>> perfectly on Gentoo 2.6 kernel, but not at all on RH 3.0.
>The problem is within OpenSSH and not PAM.
>
>> I have copied the /etc/pam.d/ config files from RH 2.1 and 
>Gentoo over 
>> to the RH 3.0 system, with no luck.
>Don't do that.
>
>> Is this a pam version/module version issue?  Any ideas how I can 
>> enforce a password change on first login on RH 3.0?
>Update to the latest OpenSSH version available from RHN for 
>RHEL 3.0, it should solve the problem.
>
>--
>Tomas Mraz <tmraz at redhat.com>
>
>_______________________________________________
>Pam-list mailing list
>Pam-list at redhat.com
>https://www.redhat.com/mailman/listinfo/pam-list
>




More information about the Pam-list mailing list