Re: OpenSSH and password expiry

2002-11-13 Thread Zak Johnson
On Tue, Nov 12, 2002 at 06:43:47PM -0500, Zak Johnson wrote:
> I want to force new users to change their passwords immediately upon
> first login.  I set the "change" field in master.passwd to 1 (via pw
> useradd ... -p 1).  Logging in via login(1) works as expected---the user
> is prompted to change the password and then logs in as usual.  However,
> my users only connect via ssh, which instead yields the following logs:

To answer my own question: the code for handling expired passwords has
been commented out of OpenSSH since 3.1; there are rumours on the list
that it may be fixed by 3.6.

-Zak

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message



OpenSSH and password expiry

2002-11-12 Thread Zak Johnson
[Please CC me on replies, as I am not subscribed to this list.]

I want to force new users to change their passwords immediately upon
first login.  I set the "change" field in master.passwd to 1 (via pw
useradd ... -p 1).  Logging in via login(1) works as expected---the user
is prompted to change the password and then logs in as usual.  However,
my users only connect via ssh, which instead yields the following logs:

  PAM rejected by account configuration[12]: Authentication token is no longer valid; 
new one required.
  Failed password for testuser from 127.0.0.1 port 3367 ssh2

The user sees:

  $ ssh testuser@localhost
  testuser@localhost's password:
  Connection to localhost closed by remote host.
  Connection to localhost closed.

What have I done wrong?

-Zak

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message