
List:       openssh-bugs
Subject:    [Bug 2018] New: sshd not handling PAM_NEW_AUTHTOK_REQD properly
From:       bugzilla-daemon () bugzilla ! mindrot ! org
Date:       2012-06-12 13:50:27
Message-ID: bug-2018-705 () http ! bugzilla ! mindrot ! org/

https://bugzilla.mindrot.org/show_bug.cgi?id=2018

             Bug #: 2018
           Summary: sshd not handling PAM_NEW_AUTHTOK_REQD properly
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 6.0p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: PAM support
        AssignedTo: unassigned-bugs@mindrot.org
        ReportedBy: ssanders@opnet.com


Created attachment 2164
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2164
Zone in auth-pam.c where issue lies.

Near line 482 in auth-pam.c, sshpam_password_change_required(0) is
called.  This will have the effect of preventing PAM_NEW_AUTHTOK_REQD
from being transmitted back to the parent process.  

In turn, this will prevent any password updates from occurring at login
time.

If one comments the line out or changes it to
sshpam_password_change_required(1), sshd will prompt for a new user
password and process the password update as anticipated.

This is used to support password expiration.  The normal flow should be
authenticate -> password update -> authenticate using new password.

I've listed 6.0p1 but it is in all versions 5.2p1 and greater.
