Bug#153456: Debian bugs 153235, 153456 and 166946 fixed upstream
Hi.
With the release of OpenSSH 3.8p1, I'm pleased to announce that the
following Debian bugs are now fixed upstream:
#153235 ssh pam password expiry broken
#153456 OpenSSH 1:3.4p1 breaks user account expiration
#166946 ssh: expired passwords block ssh users
From the 3.8 release notes:
"Changes since OpenSSH 3.7.1:
============================
* sshd(8) now supports forced changes of expired passwords via
/usr/bin/passwd or keyboard-interactive authentication."
(There are many incremental changes that went into this, so I have not
provided CVS revs.)
In 3.8p1, password expiry works via keyboard-interactive (SSHv2),
exec'ing /usr/bin/passwd (SSHv1 w/privsep), or pam_chauthtok() in
session (SSHv1 w/o privsep). The latter may cause "authentication token
manipulation" errors, which I suspect (but can't prove) is a problem in
LinuxPAM.
The changes could be backported to 3.7.1p2 if desired (the Debian
maintainers are welcome to contact me if they want to pursue that).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Reply to: