PAM modules clearing pwexpire field without prompting for new PW
James F.Hranicky
jfh at cise.ufl.edu
Wed Mar 26 07:30:09 EST 2003
I tracked down the source of the pwexpire "clearing" problem when a
PAM module allows a user with an expired password to log in without
prompting them for the new one: the module was simply re-using the
original password to effect the password change, leaving the user
with the same password and clearing the expired field. A policy with
a password history thwarts this behavior.
Sorry for the confusion.
----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin UF/CISE Department |
| E314D CSE Building Phone (352) 392-1499 |
| jfh at cise.ufl.edu http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
"Given a choice between a complex, difficult-to-understand, disconcerting
explanation and a simplistic, comforting one, many prefer simplistic
comfort if it's remotely plausible, especially if it involves blaming
someone else for their problems."
-- Bob Lewis, _Infoworld_
More information about the Kerberos
mailing list