expired passwords/accounts and kerberos
Rick Goyette
goyette at downbelow.pns.anl.gov
Mon Aug 23 19:10:24 UTC 2004
Here is a situation I have: I am aging passwords with the intent of
preventing users with expired passwords from using their accounts
without first changing their passwords. In addition, I am using chage
to expire an account if it remains inactive too long. This works well
for something like ssh, but does not work for something like a
kerberized rlogin. SSH will correctly ask a user to change a password,
or tell them their account has expired, but a kerberized rlogin will
just let them in. Does anyone know a good method of addressing this
problem? Can PAM enforce this sort of thing?
More information about the Pam-list
mailing list