Re: Expired Password using Pam and openssh

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 06 Feb 2004, Darryl Cook wrote:

> I am trying to set sshd up to use pam with moderate success.  I can get 
> pam to allow users to login just fine.  The problem is when their 
> password is expired.  I have messed with it for about 2 solid days now 
> reading all the archives I can find but to no avail.  When the password 
> is expired, it asks for the current password and then asks for the new 
> password.   I enter the new password and it then just crashes.  Ill post 
> /var/log/messages and other info below.
> 
> platform :   Redhat 9
> sshd:          version 3.7.1p2
> ssl:              0.9.7b
> 
> output from /var/log/messages:
> 
> Feb  6 10:43:39 student3 PAM_pwdb[12580]: expiry check failed for 'dlc'
> Feb  6 10:43:39 student3 sshd[12580]: Accepted keyboard-interactive/pam 
> for dlc from 152.10.134.74 port 4538 ssh2
> Feb  6 10:43:42 student3 sshd(pam_unix)[12582]: authentication failure; 
> logname=dlc uid=0 euid=0 tty=/dev/pts/3 ruser= 
> rhost=cookdl-0.cs.appstate.edu  user=dlc
> Feb  6 10:43:44 student3 sshd[12582]: fatal: PAM: pam_chauthtok(): 
> Authentication failure
> 
> 
> contents of /etc/pam.d/sshd
> #%PAM-1.0
> auth       required       /lib/security/pam_pwdb.so shadow nodelay
> auth       required       /lib/security/pam_nologin.so
> account    required       /lib/security/pam_pwdb.so
> password   required       /lib/security/pam_unix_passwd.so
> password   required       /lib/security/pam_cracklib.so
> session    required       /lib/security/pam_pwdb.so
> session    required       /lib/security/pam_limits.so
> 
> I have also tried this in sshd:
> 
> auth       required     /lib/security/pam_stack.so service=system-auth
> auth       required     /lib/security/pam_nologin.so
> account    required     /lib/security/pam_stack.so service=system-auth
> password   required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_limits.so
> session    optional     /lib/security/pam_console.so
> 
> but this gives pretty much the same thing.
> 
> any ideas appreciated!

Use pam_unix instead of pam_pwdb. Works for me.

Jan
-- 
Jan Rękorajski            |  ALL SUSPECTS ARE GUILTY. PERIOD!
baggins<at>mimuw.edu.pl   |  OTHERWISE THEY WOULDN'T BE SUSPECTS, WOULD THEY?
BOFH, MANIAC              |                   -- TROOPS by Kevin Rubio


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux