Here is a situation I have: I am aging passwords with the intent of preventing users with expired passwords from using their accounts without first changing their passwords. In addition, I am using chage to expire an account if it remains inactive too long. This works well for something like ssh, but does not work for something like a kerberized rlogin. SSH will correctly ask a user to change a password, or tell them their account has expired, but a kerberized rlogin will just let them in. Does anyone know a good method of addressing this problem? Can PAM enforce this sort of thing? _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
