Re: Debian stable, OpenSSH, PAM, and password expiration
On (15/04/05 17:51), FICOS wrote:
> I recently switched a server over to Debian stable, and have run into a
> problem trying to turn on password aging. Whenever a user's password is
> expired SSH won't let them log in, and it acts as if an incorrect
> password was entered. After some Googling I was only able to find an
> old discussion about a similar problem from 2001 that says that it works
> in unstable but not in stable:
Can't say, it's not something I've examined.
> Is this still the case? Would I need to use the SSH server from
> unstable to get password aging to work? If I understand the Debian
> branches right, though, unstable isn't covered by the security team,
> which doesn't sound like something I want to live with. The other
> option would seem to be just installing OpenSSH from source and keep an
> eye out for patches, but the reason I went to Debian for this box was to
> get away from this server's previous incarnation, which was an
> unmanageable mix of RPMs from several different distribs and
> compiled-from-source apps.
You have two (amongst many choices):
Upgrade to sarge (which will be the next stable) - not recommended for
servers exposed to the internet but on a LAN, are very solid.
Obtain a backport of a later version of ssh:
> Any tips? Is this actually fixed in stable and I'm just hitting some
> other weird bug or do I need to get off of the stable OpenSSH somehow?
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
...strategies for business