password change after expiry

Russ Allbery rra at stanford.edu
Tue Mar 11 14:37:07 EDT 2008


Marcin N <nichu at nospam.onet.pl> writes:

> Oh yeah I forgot to write about it :/
>
> I'm using mit-krb5 on gentoo - it's on clients server is on debian
> (krb5-kdc and krb5-admin-server 1.4.4-7etch4) but probably will be on
> solaris

What PAM module are you using on Gentoo?  I don't know which one they
ship.  Mine should prompt you for a new password for an expired password.

You don't, however, say whether you're using console login or ssh.  For
expired account password changes via ssh, you have to use
ChallengeResponseAuthentication.  PasswordAuthentication doesn't have
sufficient interactivity in the protocol to handle the prompting.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list