Peter Losher wrote:
> Damien Miller wrote:
>> * Improve account and password expiry support in sshd(8). Ther server
>> will now warn in advance for both account and password expiry.

> Curious - does this include Krb5/GSSAPI support?

That entry was specific to BSD auth.

> I'd like to expire
> passwords at regular intervals, but SSH was my main roadblock since
> password would expire with no notice... (I assume it would only warn
> you, and not let you change expired passwords)

For BSD auth, it already forced you to change an expired password, that
change was to give advance warning.

In Portable, warning and forced change of expired password already worked
with many systems (PAM, AIX, platforms with /etc/shadow). If you're using
a Kerberos PAM module that is reported to work too (with some limitations
when working with public-key authentication).

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

openssh-unix-dev mailing list