Thanks Upgrading to openssh 4.3 (from 3.9) resolved the problem
--- Darren Tucker <[EMAIL PROTECTED]> wrote: > On Wed, Mar 15, 2006 at 01:46:02PM -0800, samuel gipe wrote: > > When sshing into a machine with an expired password, the user is forced > > to change the password immediately. When updating the expired password > > the user is not advised if the proposed new password is in openldap's > > ppolicy password history. The update is denied but the user is not advised > > why, even though openldap generates a reason/message and pam_ldap passes > that > > message to sshd (observed via strace). > > What SSH software and version are you using? If it's OpenSSH, there was > a bug regarding passing of PAM messages back to the client that would > probably explain your problem. That bug was fixed in (from memory) 4.1p1. > > -- > Darren Tucker (dtucker at zip.com.au) > GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement. > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
