Re: warnpassword and warnexpire in 5.1 login.conf
David Schultz <[EMAIL PROTECTED]> writes: > On Tue, Aug 05, 2003, Mats Larsson wrote: >> And the following varning when password is old: >> Aug 5 12:27:38 marvin sshd[55386]: error: PAM: OK >> Aug 5 12:27:40 marvin sshd[55390]: fatal: PAM: chauthtok not supprted with >> privsep >> >> Is there perhaps a better PAM way of doing this things now?? > > Hmm... Apparently you can't change an expired password with a > privilege-separated OpenSSH. I don't know whether that can be > fixed, but perhaps des@ has some insight. It can be done, but not without cheating. You have to have the PAM support code do chauthtok as part of the authentication sequence. I've been meaning to do it for a while but haven't gotten around to it yet. DES -- Dag-Erling Smørgrav - [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: warnpassword and warnexpire in 5.1 login.conf
On Tue, Aug 05, 2003, Mats Larsson wrote: > Sure, run cap_mkdb on every edit on login.conf > > The values im trying to use there are the following: > :warnexpire=28d:\ > :warnpassword=14d:\ > > And with pw i use the following to test with: (also with -e option) > pw usermod user -p +10d > > The only thing im getting now is i warning in messages when i try to login > into a locked account. > > Aug 5 12:14:39 marvin sshd[55256]: error: PAM: user accound has expired This looks reasonable. > And the following varning when password is old: > Aug 5 12:27:38 marvin sshd[55386]: error: PAM: OK > Aug 5 12:27:40 marvin sshd[55390]: fatal: PAM: chauthtok not supprted with > privsep > > Is there perhaps a better PAM way of doing this things now?? Hmm... Apparently you can't change an expired password with a privilege-separated OpenSSH. I don't know whether that can be fixed, but perhaps des@ has some insight. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: warnpassword and warnexpire in 5.1 login.conf
Sure, run cap_mkdb on every edit on login.conf The values im trying to use there are the following: :warnexpire=28d:\ :warnpassword=14d:\ And with pw i use the following to test with: (also with -e option) pw usermod user -p +10d The only thing im getting now is i warning in messages when i try to login into a locked account. Aug 5 12:14:39 marvin sshd[55256]: error: PAM: user accound has expired And the following varning when password is old: Aug 5 12:27:38 marvin sshd[55386]: error: PAM: OK Aug 5 12:27:40 marvin sshd[55390]: fatal: PAM: chauthtok not supprted with privsep Is there perhaps a better PAM way of doing this things now?? // Mats On Sun, 3 Aug 2003, David Schultz wrote: > On Sat, Aug 02, 2003, Mats Larsson wrote: > > > > Hello! > > > > Tried this question to the questions list with no response, perhaps > > current is the correct list for questions related to 5.1-RELEASE?? > > > > I am trying to use warnexpire and warnpassword in login.conf but with no > > result, are the warnexpire and warnpassword still used in 5.1 or have they > > been superseded with a PAM module in the same way as minpasswordlen and > > minpasswordcase?? > > They're part of the pam_unix PAM module now, but they should still > work. I tried them a few months ago, and I don't remember any > special steps being necessary. You ran cap_mkdb(1), right? > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: warnpassword and warnexpire in 5.1 login.conf
On Sat, Aug 02, 2003, Mats Larsson wrote: > > Hello! > > Tried this question to the questions list with no response, perhaps > current is the correct list for questions related to 5.1-RELEASE?? > > I am trying to use warnexpire and warnpassword in login.conf but with no > result, are the warnexpire and warnpassword still used in 5.1 or have they > been superseded with a PAM module in the same way as minpasswordlen and > minpasswordcase?? They're part of the pam_unix PAM module now, but they should still work. I tried them a few months ago, and I don't remember any special steps being necessary. You ran cap_mkdb(1), right? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
warnpassword and warnexpire in 5.1 login.conf
Hello! Tried this question to the questions list with no response, perhaps current is the correct list for questions related to 5.1-RELEASE?? I am trying to use warnexpire and warnpassword in login.conf but with no result, are the warnexpire and warnpassword still used in 5.1 or have they been superseded with a PAM module in the same way as minpasswordlen and minpasswordcase?? // Mats Larsson ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
