On Sat, Apr 07, 2001 at 05:50:47PM +1000, Brian May wrote: > >>>>> "Ethan" == Ethan Benson <erbenson@alaska.net> writes: > > Ethan> this might work on unstable's ssh, but the ssh in stable > Ethan> will simply deny access if the password is expired. > > doesn't seem to be the case here, and it should be PAM not ssh: ssh's pam support is somewhat broken. [snipped example] > > with ssh from unstable, are you sure the one from stable doesn't do > this? (I think it is done by PAM not openssh anyway). yes stable will give you a `Permission denied' if the password is expired, it will not allow you to change it. Wichert filed the original bug a long time ago, it was marked fixed, i found it was certainly not fixed and reopened, where it collected dust for the better part of a year before Christian Kurz finally got it fixed (i just remembered this happened about two months ago or so, i never tested it). the fix is only in OpenSSH 2 and not 1.2.3 which is in stable. [snipped example] > perhaps that is what you were thinking of? no plain password expiration, and i ensured i did it right by logging into the console with this user and i indeed was allowed to login and was forced to change the password, tried the same with ssh -> Permission denied. your example does prove that the ssh in unstable is finally fixed, but that does no good for stable users until this fall most likely. unless they build the unstable ssh. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpk1_rXRX8Bc.pgp
Description: PGP signature