Re: Expired Password using Pam and openssh

Hi Jan,

Thanks for the reply. I changed all of the pam_pwdb to pam_unix and get the same exact conditions. Maybe you could share your pam.d/sshd file and let me see what differences you have. Also, are you running Red Hat 9 and the same versions of ssh and ssl?

thanks!
darryl

Jan Rekorajski wrote:
On Fri, 06 Feb 2004, Darryl Cook wrote:

  
I am trying to set sshd up to use pam with moderate success.  I can get 
pam to allow users to login just fine.  The problem is when their 
password is expired.  I have messed with it for about 2 solid days now 
reading all the archives I can find but to no avail.  When the password 
is expired, it asks for the current password and then asks for the new 
password. I enter the new password and it then just crashes. I'll post 
/var/log/messages and other info below.

platform :   Redhat 9
sshd:          version 3.7.1p2
ssl:              0.9.7b

output from /var/log/messages:

Feb  6 10:43:39 student3 PAM_pwdb[12580]: expiry check failed for 'dlc'
Feb  6 10:43:39 student3 sshd[12580]: Accepted keyboard-interactive/pam for dlc from 152.10.134.74 port 4538 ssh2
Feb  6 10:43:42 student3 sshd(pam_unix)[12582]: authentication failure; logname=dlc uid=0 euid=0 tty=/dev/pts/3 ruser= rhost=cookdl-0.cs.appstate.edu  user=dlc
Feb  6 10:43:44 student3 sshd[12582]: fatal: PAM: pam_chauthtok(): Authentication failure


contents of /etc/pam.d/sshd
#%PAM-1.0
auth       required       /lib/security/pam_pwdb.so shadow nodelay
auth       required       /lib/security/pam_nologin.so
account    required       /lib/security/pam_pwdb.so
password   required       /lib/security/pam_unix_passwd.so
password   required       /lib/security/pam_cracklib.so
session    required       /lib/security/pam_pwdb.so
session    required       /lib/security/pam_limits.so

I have also tried this in sshd:

auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so

but this gives pretty much the same thing.

any ideas appreciated!
    

Use pam_unix instead of pam_pwdb. Works for me.

Jan
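
Added example, not part of the original messages: a small check that lists which modules actually run for each PAM management group of a service, following `pam_stack.so service=` references, and reports any entry that still resolves to pam_pwdb after an edit like the one suggested above. The `sshd` sample mirrors the second config quoted in the thread; the `system-auth` contents are constructed for illustration, since the thread never shows that file.

```python
import re

# Constructed sample input. "sshd" mirrors the second config quoted in the
# thread; "system-auth" is an assumption, the thread never shows that file.
SAMPLE = {
    "sshd": """#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
""",
    "system-auth": """#%PAM-1.0
auth       required     /lib/security/pam_unix.so shadow nodelay
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so retry=3
password   required     /lib/security/pam_unix.so use_authtok shadow
session    required     /lib/security/pam_unix.so
""",
}

# type, control (plain word or [bracketed]), module path, optional arguments
LINE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def effective_modules(service, files, seen=()):
    """Return [(type, module, defined_in)] in stack order, expanding pam_stack."""
    out = []
    if service in seen or service not in files:   # loop guard / missing file
        return out
    for raw in files[service].splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        mtype, _control, path, args = m.groups()
        module = path.rsplit("/", 1)[-1]
        target = re.search(r"\bservice=(\S+)", args)
        if module == "pam_stack.so" and target:
            # pam_stack runs the same management group of the named service
            sub = effective_modules(target.group(1), files, seen + (service,))
            out += [e for e in sub if e[0] == mtype]
        else:
            out.append((mtype, module, service))
    return out

def leftover_pwdb(service, files):
    """Entries that still resolve to pam_pwdb after following pam_stack."""
    return [e for e in effective_modules(service, files) if e[1].startswith("pam_pwdb")]
```

To check a real host, build the dictionary from the files under /etc/pam.d, keyed by file name, and call `leftover_pwdb("sshd", files)`.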
  
