[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Change Password when Password Expires



> > How can I setup PAM so that when a users password has expired, it prompts
> > the user to change it.
> 
> > I modified the login program to do this, but that does no good when a
> > user logs in via ssh of telnet. I figure that the best place to make the
> > changes is in PAM.
> 
> > Any body done this before ?
> 
> Anything that works for login will also work for telnet, because telnet calls
> login to do the authentication.

Well, it did work for a local login, but for some reason, id did not work
over telnet. It did work if I changed login to simply display text, but if
I got login to run passwd, it did not work.

> Making this work from ssh is a bit of a problem:  for whatever reason, sshd
> deals with expired passwords by invoking '/usr/bin/passwd <username>', which
> only works if run as root.  This is something that should probably be
> addressed, so that sshd calls pam_chauthtok() instead on pam-enabled systems.

Well, we are running openSSH on our servers, does this function the same
way ? Should I be contacting someone from openSSH for help ?

Thanks

> Steve Langasek
> postmodern programmer
> 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []