Re: 5.1p on RHEL 3 and password expiration

On Fri, Oct 17, 2008 at 11:35:35AM +1100, Darren Tucker wrote:[color=blue]
> You could disable PasswordAuthentication and require Protocol 2 with
> keyboard-interactive authentication, which will probably work since it
> does both authentication and password change through the same
> conversation function).[/color]

That seemed to work just fine;
< PasswordAuthentication yes
---[color=blue]
> PasswordAuthentication no[/color]
62c62
< ChallengeResponseAuthentication no
---[color=blue]
> ChallengeResponseAuthentication yes[/color]

And now...
$ ssh fred@localhost
Password:
You are required to change your password immediately (password aged)
Changing password for fred
(current) UNIX password:
New UNIX password:
Retype new UNIX password:
Last login: Fri Oct 17 15:15:18 2008 from localhost.localdomain
[color=blue]
> It would be possible to hack around in sshd, however I don't think it's
> worth the effort since it's demonstrably a (since fixed) LinuxPAM bug.[/color]

And the ChallengeResponseAuthentication acts as a sufficient workaround
for the older systems.

Thank you very much!

--

rgds
Stephen
_______________________________________________
openssh-unix-dev mailing list
[email]openssh-unix-dev@mindrot.org[/email]
[url]https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev[/url]