I see now the same message. I have to check again why my initial test looked OK.
Markus "Coy Hile" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Sat, 19 Jan 2008, Russ Allbery wrote: > > > I'm running Solaris 10 Update 4, and when using Russ' pam_krb5 on a > principal whose password has expired, I see the following in the debug > log: > > |Jan 20 11:52:03 login sshd[10303]: [ID 584047 auth.debug] (pam_krb5): > cah220: > attempting authentication as [EMAIL PROTECTED] > |Jan 20 11:52:05 login sshd[10303]: [ID 584047 auth.debug] (pam_krb5): > cah220: > krb5_get_init_creds_password: Password has expired > |Jan 20 11:52:05 login sshd[10303]: [ID 584047 auth.debug] (pam_krb5): > cah220: > <unknown>: exit (failure) > > For what it's worth, I've got the following in my pam.conf on this box: > > # grep sshd-kbdint pam.conf > sshd-kbdint auth requisite pam_authtok_get.so.1 > sshd-kbdint auth required pam_dhkeys.so.1 > sshd-kbdint auth required /tmp/pam_krb5.so.1 debug > sshd-kbdint auth optional pam_unix_auth.so.1 > sshd-kbdint session required /tmp/pam_krb5.so.1 debug > # > > Am I running into SEAM just not supporting "hey bozo, you're password is > expired, change it now", or did I hork the configuration somehow. > > If you want, I can also provide the sshd_config. > > I appreciate any help you can give with this; I'm still a bit of a > novice when it comes to doing anything cute. Along the same lines, is > there any way to bounce back something like "Your password is going to > expire in n days" during the authentication process? (say only if n < > 10). Actually strike that. Is there some easy way to write an app > that you'd run from /etc/profile to banner that sort of information? If > I were using normal UNIX auth, I could do that relatively easily using > the information in the shadow file. > > -- > Coy Hile > [EMAIL PROTECTED] > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos