Upgrading to openssh 4.3 (from 3.9) resolved the problem.

--- Darren Tucker wrote:

> On Wed, Mar 15, 2006 at 01:46:02PM -0800, samuel gipe wrote:
> > When sshing into a machine with an expired password, the user is forced
> > to change the password immediately. When updating the expired password
> > the user is not advised if the proposed new password is in openldap's
> > ppolicy password history. The update is denied but the user is not advised
> > why, even though openldap generates a reason/message and pam_ldap passes
> > that message to sshd (observed via strace).

> What SSH software and version are you using? If it's OpenSSH, there was
> a bug regarding passing of PAM messages back to the client that would
> probably explain your problem. That bug was fixed in (from memory) 4.1p1.
> --
> Darren Tucker (dtucker at
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
