[rhn-users] force user to change password on first login
Richard Lefebvre
Richard.Lefebvre at rqchp.qc.ca
Mon Feb 21 16:15:56 UTC 2005
I get the same output from chage -l user1. For SSH, I accually use the
one from ssh.com (3.2.9.1) under the academic license.
Also I noded in one of your previous post that you intend to use NIS
in the future. In the past, NIS was problematic with password aging.
I don't know if it is still true.
Richard L.
Raj Kumar wrote:
> Hi Richard,
>
> I also tried this now
> /usr/bin/chage -d 0 -W -1 -E -1 -I -1 -M -1 -m -1 user1
>
> It still doesn't work. After executing the above command chage -l user1
> reports:
>
> Minimum: -1
> Maximum: -1
> Warning: -1
> Inactive: -1
> Last Change: Never
> Password Expires: Never
> Password Inactive: Never
> Account Expires: Never
>
> Do you get similar output? What ssh client are you using? I tried with
> Mindterm, openssh client installed on linux and ssh client installed
> with cygwin. They all don't work. I get the error message and the
> connection is terminated immediately. But if I login as user2 and then
> try "su user1" I get the error message and then the prompt to change
> password (similar to the prompts you get when passwd is run).
>
> Since it works with su and not with ssh and the authentication process
> goes through PAM I wonder if you have different settings. Can you post
> your PAM version, /etc/pam.d/su and /etc/pam.d/sshd files?
> We should probably compare the module-type "account" settings in these
> files. I dont see the difference in account modules in my /etc/pam.d/su
> and /etc/pam.d/sshd/ files
>
>
> more /etc/pam.d/su
>
> #%PAM-1.0
> auth sufficient /lib/security/$ISA/pam_rootok.so
> # Uncomment the following line to implicitly trust users in the "wheel"
> group.
> #auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
> # Uncomment the following line to require a user to be in the "wheel" group.
> #auth required /lib/security/$ISA/pam_wheel.so use_uid
> auth required /lib/security/$ISA/pam_stack.so service=system-auth
> account required /lib/security/$ISA/pam_stack.so service=system-auth
> password required /lib/security/$ISA/pam_stack.so service=system-auth
> session required /lib/security/$ISA/pam_stack.so service=system-auth
> session optional /lib/security/$ISA/pam_xauth.so
>
> ---------------------------------------------------------------
>
> more /etc/pam.d/sshd
>
> #%PAM-1.0
> auth required pam_stack.so service=system-auth
> auth required pam_nologin.so
> account required pam_stack.so service=system-auth
> password required pam_stack.so service=system-auth
> session required pam_stack.so service=system-auth
> session required pam_limits.so
> session optional pam_console.so
>
>
> Thanks for your help!
> Raj
>
More information about the rhn-users
mailing list