12-17-2009
Password Aging with OpenSSH 5.2 SFTP Subsystem Jail
All,
I enabled PAM and aged a password, but when I log in it asks me for the current password, then says password unchanged after entering the current password. Is this a bug? My security dept is going to want me to enable password aging and I'm stuck!
Any help on what the issue is?
Connecting to host...
Password:
You are required to change your password immediately (root enforced)
Changing password for user
(current) UNIX password:
Password unchanged
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Version 3.8.1 of OpenSSH has been compiled on a Solaris 8 host. I am having difficulties in enabling password aging to work from reading /etc/default/passwd and /etc/shadow.
# passwd -f < user-id > works satisfactorily however once a password ages through due course from the settings in... (1 Reply)
Discussion started by: raylen
1 Replies
2. UNIX for Dummies Questions & Answers
If the command passwd -f is used, users get the below error. I need to force users to change their passwords at initial login. Anyone know what is going on? This is on a Non-Stop UX system
UX:in.login: ERROR: Your password has been expired for too long
UX:in.login: TO FIX: Consult your system... (0 Replies)
Discussion started by: breigner
0 Replies
3. UNIX for Dummies Questions & Answers
hi experts
this is regarding password aging
I tried searching the forum but I couldn't locate
given a login id,
i would like to determine whether password ageing has been enabled for that
and
for the login id whether password has been expired on a particular point of time
Thanks (4 Replies)
Discussion started by: teletype_error
4 Replies
4. Shell Programming and Scripting
Hi ,
is there anyway of implementing password aging in NIS?
I would say thanks in advance.
Thanks and regards,
HAA (1 Reply)
Discussion started by: HAA
1 Replies
5. AIX
Hi,
While I am trying SFTP my machine to another unix machine ,
it was working fine till 10 min back.
But now i am getting the below error
"Request for subsystem 'sftp' failed on channel 0"
Could you please someone help me to solve or analyse the root cause...
Cheers,
Mahiban (0 Replies)
Discussion started by: mahiban
0 Replies
6. UNIX for Dummies Questions & Answers
Hi there,
what is the meaning of this line:
SFTP subsystem requests: 5 Time(s)
in: /var/mail/root???
Tks in advance,
GB (0 Replies)
Discussion started by: Giordano Bruno
0 Replies
7. UNIX for Advanced & Expert Users
Hi all,
I have a Solaris 10 server with SUN_SSH_1.1 installed.
I want to restrict a user via SFTP to only be able to access one directory. I've written a little script in .profile which works perfectly for an ssh login but it appears sftp doesn't read the .profile file so it doesn't work.
... (2 Replies)
Discussion started by: Donkey25
2 Replies
8. AIX
I have several ssh servers running aix 5.3 and they respond to sftp requests just fine, but I have one that requires clients to specify the path to the sftp server using the -s flag which is /usr/sbin/sftp-server
I check the sshd_config across all servers and they are the same. The other... (1 Reply)
Discussion started by: massdesign
1 Replies
9. Red Hat
Hi
I need a specific user to be able to sftp to a server and get files from a specific location. The location is not the user's home dir, I don't want the user to be able to view anything else apart from the files in that area.
e.g ftp file area is - /logging/phplogs
e.g user home is... (1 Reply)
Discussion started by: duckeggs01
1 Replies
10. Linux
Recently I have been playing with password ageing and the usage of ssh keys. I have found that if usePAM yes (default) is set in the /etc/ssh/sshd_config file then any password ageing and inactivity can adversely affect a client with ssh keys.
For example:
Set PASS_MAX_DAYS to 60 in... (5 Replies)
Discussion started by: smurphy_it
5 Replies
LEARN ABOUT HPUX
pam_chauthtok
pam_chauthtok(3) Library Functions Manual pam_chauthtok(3)
NAME
pam_chauthtok - perform password related functions within the PAM framework
SYNOPSIS
[ flag ... ] file ... [ library ... ]
DESCRIPTION
pam_chauthtok() is called to change the authentication token associated with a particular user referenced by the authentication handle, pamh.
The following flag may be passed in to pam_chauthtok():
The password service should not generate any messages.
The password service should only update those passwords that have aged.
If this flag is not passed, all password services should update their passwords.
Upon successful completion of the call, the authentication token of the user will be changed in accordance with the password service
configured in the system through pam.conf(4).
Notes
The flag is typically used by an application which has determined that the user's password has aged or expired. Before allowing the user to
login, the application may invoke pam_chauthtok() with this flag to allow the user to update the password. Typically applications such as passwd(1) should
not use this flag.
pam_chauthtok() performs a preliminary check before attempting to update passwords. This check is performed for each password module in the stack as listed
in pam.conf(4). The check may include pinging remote name services to determine if they are available. If returns then the check has
failed, and passwords are not updated.
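The two-pass behaviour described in these notes, as an added example that is not part of the original manual page: a self-contained C model, not libpam code. The `MODEL_*` constants, `struct pw_module`, `model_chauthtok()` and the two-module stack are assumptions made for illustration.

```c
#include <stdio.h>

/* Local stand-ins for this model only; not libpam definitions. */
enum { MODEL_SUCCESS = 0, MODEL_TRY_AGAIN = 1 };
#define MODEL_AGED_ONLY 0x1   /* "only update those passwords that have aged" */

struct pw_module {
    const char *name;
    int reachable;  /* would this service pass the preliminary check? */
    int aged;       /* has this service's password aged? */
    int updated;    /* set when the update pass changes the password */
};

/* Model of one password-change call over a stack of password services. */
int model_chauthtok(struct pw_module *stack, size_t n, int flags)
{
    size_t i;
    /* Pass 1: preliminary check on every module in the stack. Any
       failure aborts before a single password is touched. */
    for (i = 0; i < n; i++)
        if (!stack[i].reachable)
            return MODEL_TRY_AGAIN;
    /* Pass 2: update. With the aged-only flag, services whose password
       has not aged are skipped; without it, all are updated. */
    for (i = 0; i < n; i++) {
        if ((flags & MODEL_AGED_ONLY) && !stack[i].aged)
            continue;
        stack[i].updated = 1;
    }
    return MODEL_SUCCESS;
}

/* Constructed stack: an aged local password and a remote service that is
   not aged. Returns how many services were updated; *rc gets the result. */
int run_scenario(int remote_up, int flags, int *rc)
{
    struct pw_module stack[] = {
        { "local-files",      1,         1, 0 },
        { "remote-directory", remote_up, 0, 0 },
    };
    size_t i, n = sizeof stack / sizeof stack[0];
    int count = 0;
    *rc = model_chauthtok(stack, n, flags);
    for (i = 0; i < n; i++)
        count += stack[i].updated;
    return count;
}

int main(void)
{
    int rc, n = run_scenario(0, MODEL_AGED_ONLY, &rc);
    printf("remote down: rc=%d updated=%d\n", rc, n);
    return 0;
}
```

In the model, an unreachable remote service blocks the change of the aged local password even though the remote password itself would have been skipped by the aged-only flag.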
APPLICATION USAGE
Refer to pam(3) for information on thread-safety of PAM interfaces.
RETURN VALUE
Upon successful completion, is returned. In addition to the error return values described in pam(3), the following values may be returned:
No permission.
Authentication token manipulation error.
Authentication information cannot be recovered.
Authentication token lock busy.
Authentication token aging disabled.
User unknown to password service.
Preliminary check by password service failed.
SEE ALSO
pam(3), pam_start(3), pam_authenticate(3).
pam_chauthtok(3)