> Having failed at this, I want to get it where when the password is > expired, the system will simply respond "Your password is expired" and > then close the session. I found a way that almost works. Using the > following setup, the system will tell me that the password is expired, > ask me to REENTER my current password, and THEN close the session. I > would like it to drop my session before asking for me to reenter the > password: > > auth required /lib/security/$ISA/pam_env.so > auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok > auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass > debug > auth required /lib/security/$ISA/pam_deny.so > > account required /lib/security/$ISA/pam_unix.so > account [default=bad success=ok user_unknown=ignore > service_err=ignore system_err=ignore] /lib/security/$ISA/pam_krb5.so > debug > > password required /lib/security/$ISA/pam_cracklib.so retry=3 > type= > password sufficient /lib/security/$ISA/pam_unix.so nullok > use_authtok md5 shadow > password [default=bad success=ok new_authtok_reqd=ok] > /lib/security/$ISA/pam_krb5.so use_authtok debug > password required /lib/security/$ISA/pam_deny.so > > session required /lib/security/$ISA/pam_mkhomedir.so > skel=/etc/skel/ umask=0076 > session required /lib/security/$ISA/pam_limits.so > session required /lib/security/$ISA/pam_unix.so > session optional /lib/security/$ISA/pam_krb5.so debug > > > What do you guys think? > Okay, I figure this out by removing the pam_krb5 module from the password stack. _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
