Date: Tue, 12 Nov 2002 18:43:47 -0500
From: Zak Johnson
To: freebsd-questions@freebsd.org
Subject: OpenSSH and password expiry
Message-ID: <20021112234347.GA44490@opiate.nox.cx>

[Please CC me on replies, as I am not subscribed to this list.]

I want to force new users to change their passwords immediately upon
first login. I set the "change" field in master.passwd to 1 (via
pw useradd ... -p 1). Logging in via login(1) works as expected---the
user is prompted to change the password and then logs in as usual.
However, my users only connect via ssh, which instead yields the
following logs:

  PAM rejected by account configuration[12]: Authentication token is no longer valid; new one required.
  Failed password for testuser from 127.0.0.1 port 3367 ssh2

The user sees:

  $ ssh testuser@localhost
  testuser@localhost's password:
  Connection to localhost closed by remote host.
  Connection to localhost closed.

What have I done wrong?

-Zak
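
An added example, not part of the original message: a small audit helper that lists accounts in the state the post describes (a master.passwd "change" time that has already passed), so an administrator can see which users will hit this rejection over ssh. The function names and the sample accounts are constructed for illustration; the field layout is the one documented in master.passwd(5).

```shell
#!/bin/sh
# Added example: find accounts whose password-change deadline has passed.
# master.passwd(5) layout (10 colon-separated fields):
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell
# "change" is the deadline in seconds since the epoch; 0 means no aging.

# expired_passwords FILE NOW
#   FILE: a file in master.passwd format
#   NOW:  current time as epoch seconds (e.g. "$(date +%s)")
# Prints one login name per line for every account with 0 < change <= NOW.
expired_passwords() {
    awk -F: -v now="$2" '
        /^#/ || NF < 10 { next }                  # skip comments, short lines
        $6 + 0 > 0 && $6 + 0 <= now + 0 { print $1 }
    ' "$1"
}

# Constructed sample data (hypothetical accounts, hashes replaced by "*").
# testuser mirrors the post: change field set to 1, i.e. already expired.
# bob has a deadline far in the future; root and alice have aging disabled.
sample_master_passwd() {
    cat <<'EOF'
# constructed sample, not real accounts
root:*:0:0::0:0:Charlie &:/root:/bin/csh
testuser:*:1001:1001::1:0:Test User:/home/testuser:/bin/sh
alice:*:1002:1002::0:0:Alice:/home/alice:/bin/sh
bob:*:1003:1003::4102444800:0:Bob:/home/bob:/bin/sh
EOF
}
```

On a live system the real file is /etc/master.passwd, which is readable only by root; pass `"$(date +%s)"` as the second argument.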