password change after expiry

Marcin N nichu at WYTNIJ.onet.pl
Wed Mar 12 03:49:26 EDT 2008


Russ Allbery wrote:
> Marcin N <nichu at nospam.onet.pl> writes:
> 
>> Oh yeah I forgot to write about it :/
>>
>> I'm using mit-krb5 on gentoo - it's on clients server is on debian
>> (krb5-kdc and krb5-admin-server 1.4.4-7etch4) but probably will be on
>> solaris
> 
> What PAM module are you using on Gentoo?  I don't know which one they
> ship.  Mine should prompt you for a new password for an expired password.
> 
> You don't, however, say whether you're using console login or ssh.  For
> expired account password changes via ssh, you have to use
> ChallengeResponseAuthentication.  PasswordAuthentication doesn't have
> sufficient interactivity in the protocol to handle the prompting.
> 

Hi
Thank You for trying to help me :)
pam module on gentoo:

*  sys-auth/pam_krb5
       Latest version installed: 1.0-r1
       Homepage:      http://www.fcusack.com/
       Description:   Pam module for MIT Kerberos V
       License:       BSD GPL-2 as-is

i'm trying to login via console and ssh - i have 
ChallengeResponseAuthentication option enabled i sshd_config.

But it doesn't prompt for password change :/

during login via console there is notice
"Password expired. You must change it now"

and via ssh - it only echoes Connection closed by ...

Regards
nichu



More information about the Kerberos mailing list