Date:      Tue, 05 Aug 2003 21:23:56 +0200
From:      des@des.no (Dag-Erling Smørgrav)
To:        Mats Larsson <myrslok@sko.mh.se>
Cc:        freebsd-current@freebsd.org
Subject:   Re: warnpassword and warnexpire in 5.1 login.conf
Message-ID:  <xzpd6fjaoxf.fsf@dwp.des.no>
In-Reply-To: <20030805152542.GA752@HAL9000.homeunix.com> (David Schultz's message of "Tue, 5 Aug 2003 08:25:42 -0700")
References:  <20030802150826.D35850@marvin.sko.mh.se> <20030804061719.GB873@HAL9000.homeunix.com> <20030805122042.T55344@marvin.sko.mh.se> <20030805152542.GA752@HAL9000.homeunix.com>

David Schultz <das@freebsd.org> writes:
> On Tue, Aug 05, 2003, Mats Larsson wrote:
>> And the following warning when password is old:
>> 	Aug  5 12:27:38 marvin sshd[55386]: error: PAM: OK
>> 	Aug  5 12:27:40 marvin sshd[55390]: fatal: PAM: chauthtok not supprted with privsep
>>
>> Is there perhaps a better PAM way of doing these things now??
>
> Hmm... Apparently you can't change an expired password with a
> privilege-separated OpenSSH.  I don't know whether that can be
> fixed, but perhaps des@ has some insight.

It can be done, but not without cheating.  You have to have the PAM
support code do chauthtok as part of the authentication sequence.
I've been meaning to do it for a while but haven't gotten around to it
yet.

DES
-- 
Dag-Erling Smørgrav - des@des.no


