warnpassword and warnexpire in 5.1 login.conf
Dag-ErlingSmørgrav
des at des.no
Tue Aug 5 12:24:03 PDT 2003
David Schultz <das at freebsd.org> writes:
> On Tue, Aug 05, 2003, Mats Larsson wrote:
>> And the following varning when password is old:
>> Aug 5 12:27:38 marvin sshd[55386]: error: PAM: OK
>> Aug 5 12:27:40 marvin sshd[55390]: fatal: PAM: chauthtok not supprted with privsep
>>
>> Is there perhaps a better PAM way of doing this things now??
>
> Hmm... Apparently you can't change an expired password with a
> privilege-separated OpenSSH. I don't know whether that can be
> fixed, but perhaps des@ has some insight.
It can be done, but not without cheating. You have to have the PAM
support code do chauthtok as part of the authentication sequence.
I've been meaning to do it for a while but haven't gotten around to it
yet.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-current
mailing list