Running a RedHat 6.2 box with pam-0.72-20.6.x installed. This machine was recently reconfigured to expire passwords after 90 days, giving 7 days notice of expiration + 7 days after to change their password. A user noticed some odd behaviour. With the password expired but within the 7 day window to change it.... (me@mybox) $ ssh me@anotherbox me@anotherbox's password: Your password has expired; please change it! Warning: Your password has expired, please change it now Changing password for me (current) UNIX password: test.1234 New UNIX password: test.1234 Password unchanged Connection to anotherbox closed by remote host. Connection to anotherbox closed. (me@mybox) $ ssh me@anotherbox me@anotherbox's password: Your password has expired; please change it! Warning: Your password has expired, please change it now Changing password for me (current) UNIX password: test.1234 New UNIX password: foobar99 Retype new UNIX password: foobar99 Last login: Wed Jan 16 16:09:46 2002 from mybox [me@anotherbox /home/me ]$ notice the nifty plain text. A tcpdump shows the plain text is being send across encrypted but as you can see it echos back on the display. Also when changing the password from this prompt it looks like Linux-PAM uses crypt instead of md5. Any way of changing that?
