Hi Tomas, Thanks a lot for this information. I applied the most recent openssh rpms (3.6.1p2-33.30.4.i386) to a test RH AS 3.0 system. This worked in that it now produces the same result as RH AS 2.1. That is if the user tries to log in remotely via ssh they are prompted for a 'password'. If the user type anything/gargage, and presses enter they will be then prompted to change their password at first login. But this of course still isn't ideal. The expected result should be that the user is prompted immediately to change their password. (In the case of a new users account, the user would not know what to enter if the system prompts them to enter a password.) As mentioned below this works well on a Gentoo box. I noticed that it seems to be broken again in RH 4.0 with openssh-server-3.9p1-8.RHEL4.4. Should I file a bugzilla report for this? Thanks, Boyd Boyd Kelly | Systems Administrator | Business Objects Tel: +1 604-974-2831 | Cell: +1 604-505-0613 www.businessobjects.com Access. Analyze. Report. Share Updated RPMs on RH AS 3.0: openssh-3.6.1p2-33.30.4.i386.rpm openssh-askpass-3.6.1p2-33.30.4.i386.rpm openssh-askpass-gnome-3.6.1p2-33.30.4.i386.rpm openssh-clients-3.6.1p2-33.30.4.i386.rpm openssh-server-3.6.1p2-33.30.4.i386.rpm Boyd Kelly | Systems Administrator | Business Objects Tel: +1 604-974-2831 | Cell: +1 604-505-0613 www.businessobjects.com Access. Analyze. Report. Share >-----Original Message----- >From: pam-list-bounces@xxxxxxxxxx >[mailto:pam-list-bounces@xxxxxxxxxx] On Behalf Of Tomas Mraz >Sent: Tuesday, August 30, 2005 12:52 PM >To: Pluggable Authentication Modules >Subject: Re: Password change on first login via ssh > >On Tue, 2005-08-30 at 12:24 -0700, Boyd Kelly wrote: >> Hello, >> >> I am having a problem getting RH 3.0 to prompt user to >change password >> on first login with ssh. This works more or less ok on RH 2.1, >> perfectly on Gentoo 2.6 kernel, but not at all on RH 3.0. >The problem is within OpenSSH and not PAM. > >> I have copied the /etc/pam.d/ config files from RH 2.1 and >Gentoo over >> to the RH 3.0 system, with no luck. >Don't do that. > >> Is this a pam version/module version issue? Any ideas how I can >> enforce a password change on first login on RH 3.0? >Update to the latest OpenSSH version available from RHN for >RHEL 3.0, it should solve the problem. > >-- >Tomas Mraz <tmraz@xxxxxxxxxx> > >_______________________________________________ > >Pam-list@xxxxxxxxxx >https://www.redhat.com/mailman/listinfo/pam-list > _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
