I tracked down the source of the pwexpire "clearing" problem when a PAM module allows a user with an expired password to log in without prompting them for the new one: the module was simply re-using the original password to effect the password change, leaving the user with the same password and clearing the expired field. A policy with a password history thwarts this behavior.
Sorry for the confusion. ---------------------------------------------------------------------- | Jim Hranicky, Senior SysAdmin UF/CISE Department | | E314D CSE Building Phone (352) 392-1499 | | [EMAIL PROTECTED] http://www.cise.ufl.edu/~jfh | ---------------------------------------------------------------------- "Given a choice between a complex, difficult-to-understand, disconcerting explanation and a simplistic, comforting one, many prefer simplistic comfort if it's remotely plausible, especially if it involves blaming someone else for their problems." -- Bob Lewis, _Infoworld_ ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
