UNIX for Advanced & Expert Users

All,
I enabled PAM and aged a password, but when I login it asks me for the current password then says password unchanged after entering the current password. Is this a bug? My security dept is going to want me to enable password aging and I'm stuck!

Any help on what the issu is?

Connecting to host...
Password:
You are required to change your password immediately (root enforced)
Changing password for user
(current) UNIX password:
Password unchanged

What are the contents of your .../pam.d/sshd and .../pam/system-auth files?

That is where the issue was! I updated the SSHD pam file from another RHEL box that had the correct SSHD and it works. When I compiled openssh5.2 it didn't have the correct entries in /etc/pam.d/sshd

Thanks!


Here is the correct PAM if anyone cares:

Code:

#%PAM-1.0
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    required     pam_loginuid.s

I thought this was fixed, but for some reason the SFTP prompt won't ask me to change the password like I had originally thought, but ssh prompt will. It just disconnects me when connecting using SFTP Any ideas?

I am using the config in the post above for sshd pam.


I have disabled the shell for these users so they can't ssh to change their password. Is this even possible?

Can anyone help with this? I am stumped

This area tends to be a can of worms. See this post for an example.

SecurityFocus Secure Shell: Re: password aging with sftp

Thanks FP, I just realized I didn't have UsePam enabled and you also have to set "ChallengeResponse...." to yes. It is working now!