Hi All, Do anyone have any update/conclusion ? On Fri, Jun 15, 2018 at 3:55 PM, MAYANK SHARMA <mayank.fit2010@xxxxxxxxx> wrote: > Hi , > > I am using OpenSSH7.5 on AIX platform and I was testing the same against > the user's password expired functionality. > Normally when password is expired and if I do telnet , it will prompt for > password change and at the same time user will allowed to logged in > successfully. > But when I try the same with ssh, it prompts me for password change and > after changing the password, the connection terminates. > > Recreation steps - > ------------------------- > 1. Create any user and set the password of that user with root user. > 2. Run the following command ssh user@localhost > 3. It will prompt for password. Give password appropriately. > 4. You will see connection will terminate just after giving the password > as shown below - > > # ssh tstuser@localhost > tstuser@localhost's password: > [compat]: 3004-610 You are required to change your password. > Please choose a new one. > ************************************************************ > ******************* > * > * > * > * > * Welcome to AIX Version 7.1! > * > * > * > * > * > * Please see the README file in /usr/lpp/bos for information pertinent > to * > * this release of the AIX Operating System. > * > * > * > * > * > ************************************************************ > ******************* > WARNING: Your password has expired. > You must change your password now and login again! > Changing password for "tstuser" > tstuser's Old password: > tstuser's New password: > Enter the new password again: > Connection to localhost closed. > > > > I went through the source code and what I came to know that in file > "session.c" , there is function "do_pwchange", which includes "exit(1)" > just after the password change. > > > static void > do_pwchange(Session *s) > { > fflush(NULL); > fprintf(stderr, "WARNING: Your password has expired.\n"); > if (s->ttyfd != -1) { > fprintf(stderr, > "You must change your password now and login again!\n"); > #ifdef WITH_SELINUX > setexeccon(NULL); > #endif > #ifdef PASSWD_NEEDS_USERNAME > execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, > (char *)NULL); > #else > execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); > #endif > perror("passwd"); > } else { > fprintf(stderr, > "Password change required but no TTY available.\n"); > } > exit(1); > } > > > > Therefore, I want to know why "exit(1)" is placed just after password > change and why user is not allowed to logged in at the same time when he > changed the password . > > -- > *Thanks & Regards :* > *Mayank Sharma * > -- *Thanks & Regards :* *Mayank Sharma * _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev