[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

password expire and sshd doesn't allow ppl to change it

I created a new account for testing purposes and put the following limits on
its password age:

Minimum:        0
Maximum:        180
Warning:        0
Inactive:       0
Last Change:            Mar 23, 2001
Password Expires:       Sep 19, 2001
Password Inactive:      Never
Account Expires:        Never

(Please note that Inactive is set to 0)

Today is Sep 22. I tried to login via ssh and this is what happens:

root@mosquito:/# ssh bofh@xxxxxxxx.com
Enter passphrase for RSA key 'mosquito 11-Ott-2k':
bofh@xxxxxxxxxx.com's password:
Permission denied, please try again.
bofh@xxxxxxxxxx.com's password:

If I use telnet (I enabled it only for this test) everything seems to work:

Escape character is '^]'.
Linux & C. - Debian GNU/Linux 2.2 karma
karma login: bofh
You are required to change your password immediately (password aged)
Changing password for bofh
(current) UNIX password:

This is what I can see from auth.log:

Sep 22 10:23:04 karma sshd[13232]: password expired by aging for "bofh",
Sep 22 10:23:08 karma sshd[13232]: Accepted rsa for bofh from
port 33672
Sep 22 10:23:08 karma PAM_unix[13232]: expired password for user bofh
Sep 22 10:23:08 karma sshd[13232]: PAM rejected by account configuration:
Authentication token is no longer valid; new one required.
Sep 22 10:23:08 karma sshd[13232]: Faking authloop for illegal user bofh
from port 33672
Sep 22 10:23:14 karma sshd[13232]: Connection closed by
Sep 22 10:23:14 karma PAM_unix[13232]: (ssh) session closed for user bofh

I tried doing the same thing on a woody system and it worked just fine.
Is it a problem which affects only potato?
What shall I do to fix it (except upgrading to woody...) ?

Luca Gibelli (l.gibelli@oltrelinux.com || luca@azzurranet.org)
PGP Fingerprint: EC7C D6D2 D754 89F8 BDE8  8924 6341 3B07 C2F3 9102
PGP Key Available on: Key Servers || http://gibelli.oltrelinux.com/gibelli.asc

BOFH excuse 179:
 The lines are all busy (busied out, that is -- why let them in to begin with?).

Attachment: pgpws_cgruuiy.pgp
Description: PGP signature

Reply to: