Solaris

Im not too sure.. But as far as I know this feature is new since Solaris 10/04 release.
The sshd daemon uses the variables in /etc/default/login and the login command. The etc/default/login variables can be overridden by values in the sshd_config file during ssh.

However, did you try to login to the server as root and check the messages file that the login attempts are logged in there? Please check and let me know
And what I have seen so far from the console is to set the new password. Never encountered a situation where it will prompt for the 'Password too short - must be at least 8 characters' error before

These messages aren't managed by PAM instead of SSH ?

I think you should check your PAM configuration to see if STDERR is not redirected to /dev/null or something like this.

ahh, i never thought about the PAM configuration. It just seems odd that ssh from another solaris box works fine, in that it prompts to say 'password too short' but putty (using ssh) doesnt...wierd!

authlog writes out the following when attempting to connect through putty (at the point at which a new password is requested)

Keyboard-interactive (PAM) userauth failed[20] while changing authentication tokens (password): Authentication token manipulation error

cheers

---------- Post updated at 02:36 PM ---------- Previous update was at 02:21 PM ----------

any ideas what piece of the PAM configuration i need to look at?

thanks

Try to set UsePAM to no or UsePrivilegeSeparation to yes in the configuration of the SSH server

Source : http://lists.mindrot.org/pipermail/o...08-October.txt

But look again, it seems that it is still referring to a remote connection

Code:

If I do "UsePAM no" _or_ "UsePrivilegeSeparation yes" then the password
change process works...
  WARNING: Your password has expired.
  You must change your password now and login again!
  Changing password for user fred.
  Changing password for fred
  (current) UNIX password: 
  New UNIX password: 
  Retype new UNIX password: 
  passwd: all authentication tokens updated successfully.
  Connection to localhost closed.

(that logout and login again process is annoying)

yeah. the whole thing is driving me crazy to be honest. the password will change fine for me (without any of the above change being made) my concern is the fact that general users will not receive the help prompts when attempting to log on through putty to a server that requires the password to be updated.

as i say, using ssh from another sun box works fine ie displays the prompt info

cheers

Who knows.. Maybe its the default behaviour