Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: PAM, Solaris, Openssh and Forcing a password change
Operating Systems Solaris PAM, Solaris, Openssh and Forcing a password change Post 302297756 by melias on Sunday 15th of March 2009 05:30:00 AM
Old 03-15-2009
I'd have expected this behaviour to be the way it was designed.
Thinking about it, you're forcing the user to change their password, but how do you know that the correct user is changing the appropriate password? SSH requires you to authenticate to log in - how can you do this if your forcing a password change on the user? SSH can't determine if you're the user in question.

To put it more simply, you need to be authenticated before you're allowed to change your password, for security reasons. Logging in via SSH would mean that the initial authentication is failing/problematic.

I normally set a simple default password for the user and get them to change it themselves after first logging in - there may be easier ways of doing it, but I haven't found it.
 

10 More Discussions You Might Find Interesting

1. Solaris

forcing password change every X days?

Hi, how do I go about forcing users to change their password every, say, 30 days? Aaron (1 Reply)
Discussion started by: amheck
1 Replies

2. Solaris

password less login from openssh to SSH Secure Shell 3.0.1 Sun solaris 7

Hi, I would like to login from a Sun server running ssh: Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f to ssh: SSH Secure Shell 3.0.1 on sparc-sun-solaris2.6 How can I achieve this? Thanks a million in advance (1 Reply)
Discussion started by: newbewie
1 Replies

3. Solaris

Solaris 8 - Asks for current root password when trying to change root password.

Hello All, I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Discussion started by: tferrazz
8 Replies

4. UNIX for Dummies Questions & Answers

Using PAM to log password changes?

Hi, on a lab computer another user (who is a sudoer) changed my password without my permission. I'm pretty positive it was her, though I can't conclusively prove it. I had my friend, who is another sudoer on the machine, fix it and make me a sudoer now too. So everything is fine, but I want... (0 Replies)
Discussion started by: declannalced
0 Replies

5. AIX

OpenSSH always ask for password

Hello together, I have a Problem with openssh on AIX 5.3. We have a big amount of AIX-hosts that run with openssh but one donīt! Every time we try to connect via ssh to the host, we get a password prompt. The myth ist, that there is no Error or somthing else. Here the output of ssh -vvvv to... (14 Replies)
Discussion started by: heifei
14 Replies

6. Solaris

Can't change root password in solaris express 11

How do I change root password in SolarisExpress 11? I used passwd while elevated to root and all it changes is the password of the user I am logged in, not te root password. (2 Replies)
Discussion started by: taltamir
2 Replies

7. Shell Programming and Scripting

Forcing a tty session but getting a password prompt?

I have a master host I want to use to issue some start/stop of LDAP services. I changed the client hosts /etc/sudoers to have Defaults:infra !requiretty The master host kicks off the jobs using the infra account doing a ssh session to the infra account on the clients. #!/bin/ksh ps -fu... (5 Replies)
Discussion started by: J-Man
5 Replies

8. Solaris

Solaris and PAM Password policy

Hello All, I have Sun DSEE7 (11g) on Solaris 10. I have run idsconfig and initialized ldap client with profile created using idsconfig. My ldap authentication works. Here is my pam.conf # Authentication management # # login service (explicit because of pam_dial_auth) # login ... (3 Replies)
Discussion started by: pandu345
3 Replies

9. SuSE

PAM password change failed, pam error 20

Hi, I use a software which can create account on many system or application. One of resource which is managed by this soft his a server SUSE Linux Enterprise Server 10 (x86_64). patch level 3. This application which is an IBM application use ssh to launch command to create account in... (3 Replies)
Discussion started by: scabarrus
3 Replies

10. Linux

Password hardening using pam

Hi We have a requirement to vary the minimum password criteria by the group to which a user belongs. For example a standard user should have a password with a minimum length of 12 and containing a mix of characters whereas an administrator should have a password with a minimum length of 14... (1 Reply)
Discussion started by: gregsih
1 Replies

LEARN ABOUT DEBIAN

lchage

lchage(8)						      System Manager's Manual							 lchage(8)

NAME

       lchage - Display or change user password policy

SYNOPSIS

       lchage [OPTION]... user

DESCRIPTION

       Displays or allows changing password policy of user.

OPTIONS

       -d, --date=days
	      Set the date of last password change to days after Jan 1 1970.

       -E, --expire=days
	      Set the account expiration date to days after Jan 1 1970.  Set days to -1 to disable account expiration.

       -i, --interactive
	      Ask all questions when connecting to the user database, even if default answers are set up in libuser configuration.

       -I, --inactive=days
	      Disable the account after days after password expires (after the user user is required to change the password).

       -l, --list
	      Only list current user's policy and make no changes.

       -m, --mindays=days
	      Require at least days days between password changes.  Set days to 0 to disable this checking.

       -M, --maxdays=days
	      Require changing the password after days since last password change.  Set days to 99999 to disable this checking.

       -W, --warndays=days
	      Start warning the user days before password expires (before the user is required to change the password).

EXIT STATUS

       The exit status is 0 on success, nonzero on error.

libuser 							    Jan 12 2005 							 lchage(8)
All times are GMT -4. The time now is 08:15 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy