SSH, expired pwd, change rejected

Roman.Schoenbichler@gmail.com Roman.Schoenbichler at gmail.com
Tue Sep 18 05:04:16 EDT 2007


Hi again!

Your AD, LDAP and Kerberos are working fine now, despite one problem.

If we change a users pwd in AD, and enable the option, that the user
has to change it at the next loggin, then ssh prompts for a new pwd.

SSH seems to use passwd to change the password, which seems to behave
quite different on each machine.
Sometimes, this works pretty well, but most of the time, the password
is rejected. The is not a matter of a bad chosen pwd.

We could link passwd to kpasswd (which works on all machines), but the
policie rules and error messages are not quite what we were looking
for.
We haven't experienced any difference between the attempts to change
the pwd, it just sometimes works and sometimes doesn't.

Has anybody a clue..?

Greets
roman




More information about the Kerberos mailing list