Connection terminates just after changing the password for user whose password was expired.

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

Hi ,

I am using OpenSSH7.5 on AIX platform and I was testing the same against
the user's password expired functionality.
Normally when password is expired and if I do telnet , it will prompt for
password change and at the same time user will allowed to logged in
successfully.
But when I try the same with ssh, it prompts me for password change and
after changing the password, the connection terminates.

Recreation steps -
-------------------------
1. Create any user and set the password of that user with root user.
2. Run the following command ssh user@localhost
3. It will prompt for password. Give password appropriately.
4. You will see connection will terminate just after giving the password as
shown below -

# ssh tstuser@localhost
tstuser@localhost's password:
[compat]: 3004-610 You are required to change your password.
        Please choose a new one.
************************************************************
*******************
*
   *
*
   *
*  Welcome to AIX Version 7.1!
  *
*
   *
*
   *
*  Please see the README file in /usr/lpp/bos for information pertinent to
  *
*  this release of the AIX Operating System.
  *
*
   *
*
   *
************************************************************
*******************
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for "tstuser"
tstuser's Old password:
tstuser's New password:
Enter the new password again:
Connection to localhost closed.



I went through the source code and what I came to know that in file
"session.c" , there is function "do_pwchange", which includes "exit(1)"
just after the password change.


static void
do_pwchange(Session *s)
{
fflush(NULL);
fprintf(stderr, "WARNING: Your password has expired.\n");
if (s->ttyfd != -1) {
fprintf(stderr,
    "You must change your password now and login again!\n");
#ifdef WITH_SELINUX
setexeccon(NULL);
#endif
#ifdef PASSWD_NEEDS_USERNAME
execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
    (char *)NULL);
#else
execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);
#endif
perror("passwd");
} else {
fprintf(stderr,
    "Password change required but no TTY available.\n");
}
exit(1);
}



Therefore, I want to know why "exit(1)" is placed just after password
change and why user is not allowed to logged in at the same time when he
changed the password .

-- 
*Thanks & Regards :*
*Mayank Sharma *
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux