On Sat, Feb 07, 2004 at 04:35:56PM +0100, Jan Rekorajski wrote: > On Fri, 06 Feb 2004, Ethan Benson wrote: > > > On Fri, Feb 06, 2004 at 10:49:00AM -0500, Darryl Cook wrote: > > > I am trying to set sshd up to use pam with moderate success. I can get > > > pam to allow users to login just fine. The problem is when their > > > password is expired. I have messed with it for about 2 solid days now > > > reading all the archives I can find but to no avail. When the password > > > is expired, it asks for the current password and then asks for the new > > > password. I enter the new password and it then just crashes. Ill post > > > /var/log/messages and other info below. > > > > > > platform : Redhat 9 > > > sshd: version 3.7.1p2 > > > > this version of ssh has broken pam support. > > That's interresting, do you mean this version of openssh or > this version of openssh from redhat? Because it works for me without any > problems (no redhat here). upstream. pam support works to a degree, but there are a great many problems with it (that did not exist in 3.6.* and don't exist in the daily snapshots). > > try the latest daily snapshot, pam works reasonably well with it, > > password expiration works correctly even with PrivSep == YES > > Glad to hear it, but I must see this with my own eyes ;) > Forgive my luck of trust byt I spent a lot of time fixing > every version of ssh to work with pam. it appears they are finally getting all this worked out in the snapshot, one remaining problem im trying to get fixed is to get PAM_TEXT_INFO and PAM_ERROR_MSG messages to the user even when access is being denied. (for custom nologin alike modules). -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgp00134.pgp
Description: PGP signature
