[rhn-users] force user to change password on first login

Richard Lefebvre Richard.Lefebvre at rqchp.qc.ca
Mon Feb 21 16:15:56 UTC 2005 

I get the same output from chage -l user1. For SSH, I accually use the
one from ssh.com (3.2.9.1) under the academic license.

Also I noded in one of your previous post that you intend to use NIS
in the future. In the past, NIS was problematic with password aging.
I don't know if it is still true.

Richard L.

Raj Kumar wrote:
> Hi Richard,
> 
> I also tried this now
> /usr/bin/chage -d 0 -W -1 -E -1 -I -1 -M -1 -m -1 user1
> 
> It still doesn't work. After executing the above command  chage -l user1 
> reports:
> 
> Minimum:        -1
> Maximum:        -1
> Warning:        -1
> Inactive:      -1
> Last Change:            Never
> Password Expires:      Never
> Password Inactive:      Never
> Account Expires:        Never
>  
> Do you get similar output? What ssh client are you using? I tried with 
> Mindterm, openssh client installed on linux and ssh client installed 
> with cygwin. They all don't work. I get the error message and the 
> connection is terminated immediately. But if I login as user2 and then 
> try "su user1" I get the error message and then the prompt to change 
> password (similar to the prompts you get when passwd is run).
> 
> Since it works with su and not with ssh and the authentication process 
> goes through PAM I wonder if you have different settings. Can you post 
> your PAM version, /etc/pam.d/su and /etc/pam.d/sshd files?
> We should probably compare the module-type "account" settings in these 
> files. I dont see the difference in account modules in my /etc/pam.d/su 
> and /etc/pam.d/sshd/ files
> 
> 
> more /etc/pam.d/su
> 
> #%PAM-1.0
> auth      sufficient  /lib/security/$ISA/pam_rootok.so
> # Uncomment the following line to implicitly trust users in the "wheel" 
> group.
> #auth      sufficient  /lib/security/$ISA/pam_wheel.so trust use_uid
> # Uncomment the following line to require a user to be in the "wheel" group.
> #auth      required    /lib/security/$ISA/pam_wheel.so use_uid
> auth      required    /lib/security/$ISA/pam_stack.so service=system-auth
> account    required    /lib/security/$ISA/pam_stack.so service=system-auth
> password  required    /lib/security/$ISA/pam_stack.so service=system-auth
> session    required    /lib/security/$ISA/pam_stack.so service=system-auth
> session    optional    /lib/security/$ISA/pam_xauth.so
> 
> ---------------------------------------------------------------
> 
> more /etc/pam.d/sshd
> 
> #%PAM-1.0
> auth      required    pam_stack.so service=system-auth
> auth      required    pam_nologin.so
> account    required    pam_stack.so service=system-auth
> password  required    pam_stack.so service=system-auth
> session    required    pam_stack.so service=system-auth
> session    required    pam_limits.so
> session    optional    pam_console.so
> 
> 
> Thanks for your help!
> Raj
>

More information about the rhn-users mailing list