[prev in list] [next in list] [prev in thread] [next in thread]
List: pam-list
Subject: Re: Linux-PAM oddities
From: Michael Tokarev <mjt () tls ! msk ! ru>
Date: 2002-01-17 14:14:19
[Download RAW message or body]
Steven S wrote:
>
> Running a RedHat 6.2 box with pam-0.72-20.6.x installed.
> This machine was recently reconfigured to expire passwords after 90 days,
> giving 7 days notice of expiration + 7 days after to change their
> password. A user noticed some odd behaviour. With the password expired but
> within the 7 day window to change it....
>
> (me@mybox) $ ssh me@anotherbox
> me@anotherbox's password:
> Your password has expired; please change it!
> Warning: Your password has expired, please change it now
This seems to be a bug somewhere, or maybe bug in docs: what
component should print this message ? It seems some module
AND sshd prints this, shurely one of them shouldn't do this.
> Changing password for me
> (current) UNIX password: test.1234
> New UNIX password: test.1234
> Password unchanged
> Connection to anotherbox closed by remote host.
> Connection to anotherbox closed.
>
> (me@mybox) $ ssh me@anotherbox
> me@anotherbox's password:
> Your password has expired; please change it!
> Warning: Your password has expired, please change it now
> Changing password for me
> (current) UNIX password: test.1234
> New UNIX password: foobar99
> Retype new UNIX password: foobar99
> Last login: Wed Jan 16 16:09:46 2002 from mybox
> [me@anotherbox /home/me ]$
>
> notice the nifty plain text.
>
> A tcpdump shows the plain text is being send across encrypted but as you
> can see it echos back on the display.
This is a good question for openssh-unix-dev@mindrot.org.
> Also when changing the password from
> this prompt it looks like Linux-PAM uses crypt instead of md5. Any way of
> changing that?
Edit your sshd PAM configuration in /etc/pam.d. Compare this config
with e.g. login entry -- you should be able to figure the difference.
Perhaps adding `md5' on pam_unix password stack line will help here.
Regards,
Michael.
_______________________________________________
Pam-list mailing list
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic