Date: Wed, 19 Mar 2003 00:05:34 +0100 From: des@ofug.org (Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?=) To: Julian Elischer <julian@elischer.org> Cc: hackers@freebsd.org Subject: Re: rumour of password aging failure in 4.7/4.8RC Message-ID: <xzpu1e01dj5.fsf@flood.ping.uio.no> In-Reply-To: <Pine.BSF.4.21.0303181439160.35378-100000@InterJet.elischer.org> (Julian Elischer's message of "Tue, 18 Mar 2003 14:45:25 -0800 (PST)") References: <Pine.BSF.4.21.0303181439160.35378-100000@InterJet.elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Julian Elischer <julian@elischer.org> writes: > Ok so we'll have to miss 4.8. Does making it work for PAM allow it to > work for ssh? I don't understand what you mean - PAM already supports password expiry and changing, so it should work for console logins at least (though to be honest I never tested it very thoroughly). The problem with ssh is that password changing is supposed to happen at a later point than authentication, and the way the monitor currently works makes it very awkward to implement. For PAM, I can probably cheat by pretending that password changing is part of the authentication procedure (which it normally isn't in ssh), but it'll only work for ssh2 since the ssh1 challenge-response mechanism doesn't allow multiple challenges. DES --=20 Dag-Erling Sm=F8rgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpu1e01dj5.fsf>