warnpassword and warnexpire in 5.1 login.conf
David Schultz
das at freebsd.org
Tue Aug 5 08:25:47 PDT 2003
On Tue, Aug 05, 2003, Mats Larsson wrote:
> Sure, run cap_mkdb on every edit on login.conf
>
> The values im trying to use there are the following:
> :warnexpire=28d:\
> :warnpassword=14d:\
>
> And with pw i use the following to test with: (also with -e option)
> pw usermod user -p +10d
>
> The only thing im getting now is i warning in messages when i try to login
> into a locked account.
>
> Aug 5 12:14:39 marvin sshd[55256]: error: PAM: user accound has expired
This looks reasonable.
> And the following varning when password is old:
> Aug 5 12:27:38 marvin sshd[55386]: error: PAM: OK
> Aug 5 12:27:40 marvin sshd[55390]: fatal: PAM: chauthtok not supprted with privsep
>
> Is there perhaps a better PAM way of doing this things now??
Hmm... Apparently you can't change an expired password with a
privilege-separated OpenSSH. I don't know whether that can be
fixed, but perhaps des@ has some insight.
More information about the freebsd-current
mailing list