Hello there,

We are using OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004 on various
Solaris boxes with PAM and an LDAP server back end.

Recently we have added a requirement for users to have complex
passwords. The problem is, if a user's password has expired, when they
log in they are prompted for a new password (good) but if they enter a
non-complex new password the session is closed rather than reprompting
them for another try. With some PC clients they see nothing which is
causing a lot of support calls...

Here's the PAM configuration if that matters:

sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth sufficient pam_unix_auth.so.1 server_policy
sshd auth required pam_ldap.so.1 try_first_pass

Is they any way to reprompt the user for another password?

Regards,
Richard Dickens


To find out more about Reuters visit www.about.reuters.com

Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev