Steven S wrote: > > Running a RedHat 6.2 box with pam-0.72-20.6.x installed. > This machine was recently reconfigured to expire passwords after 90 days, > giving 7 days notice of expiration + 7 days after to change their > password. A user noticed some odd behaviour. With the password expired but > within the 7 day window to change it.... > > (me@mybox) $ ssh me@anotherbox > me@anotherbox's password: > Your password has expired; please change it! > Warning: Your password has expired, please change it now This seems to be a bug somewhere, or maybe bug in docs: what component should print this message ? It seems some module AND sshd prints this, shurely one of them shouldn't do this. > Changing password for me > (current) UNIX password: test.1234 > New UNIX password: test.1234 > Password unchanged > Connection to anotherbox closed by remote host. > Connection to anotherbox closed. > > (me@mybox) $ ssh me@anotherbox > me@anotherbox's password: > Your password has expired; please change it! > Warning: Your password has expired, please change it now > Changing password for me > (current) UNIX password: test.1234 > New UNIX password: foobar99 > Retype new UNIX password: foobar99 > Last login: Wed Jan 16 16:09:46 2002 from mybox > [me@anotherbox /home/me ]$ > > notice the nifty plain text. > > A tcpdump shows the plain text is being send across encrypted but as you > can see it echos back on the display. This is a good question for openssh-unix-dev@mindrot.org. > Also when changing the password from > this prompt it looks like Linux-PAM uses crypt instead of md5. Any way of > changing that? Edit your sshd PAM configuration in /etc/pam.d. Compare this config with e.g. login entry -- you should be able to figure the difference. Perhaps adding `md5' on pam_unix password stack line will help here. Regards, Michael.
