[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian stable, OpenSSH, PAM, and password expiration



Hi,

I recently switched a server over to Debian stable, and have run into a problem trying to turn on password aging. Whenever a user's password is expired SSH won't let them log in, and it acts as if an incorrect password was entered. After some Googling I was only able to find an old discussion about a similar problem from 2001 that says that it works in unstable but not in stable:

http://lists.debian.org/debian-devel/2001/04/msg00509.html

Is this still the case? Would I need to use the SSH server from unstable to get password aging to work? If I understand the Debian branches right, though, unstable isn't covered by the security team, which doesn't sound like something I want to live with. The other option would seem to be just installing OpenSSH from source and keep an eye out for patches, but the reason I went to Debian for this box was to get away from this server's previous incarnation, which was an unmanageable mix of RPMs from several different distribs and compiled-from-source apps.

Any tips? Is this actually fixed in stable and I'm just hitting some other weird bug or do I need to get off of the stable OpenSSH somehow?



Reply to: