Date: Wed, 25 Jul 2001 04:19:55 -0400 (EDT) From: Igor Roshchin <str@giganda.komkon.org> To: security@freebsd.org Subject: sshd, pam and password expiration Message-ID: <200107250819.f6P8Jt715529@giganda.komkon.org>
next in thread | raw e-mail | index | archive | help
I ran into the following problem: FreeBSD 4.3-RELEASE box. If a user has the password expired (non-zero corresponding field in /etc/master.passwd), then upon login via ssh (using a ssh2 client) the following happens: depending on the client: Unix ssh2 client: (e.g. SSH Secure Shell 2.3.0 (non-commercial version)) Upon login, the following message appears: Authentication successful. Warning: Your password has expired, please change it now And then the connection freezes up, while the log is filled with thousands per second messages: Jul 25 04:03:51 <auth.info> HOST sshd[15221]: PAM pam_chauthtok failed[6]: Permission denied Jul 25 04:03:51 <auth.err> HOST giganda sshd[15221]: no modules loaded for `sshd' service /etc/pam.conf has the following lines relevant to ssh: sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so csshd auth required pam_skey.so If a Windows-based ssh.com's ssh is used the user gets the message: Server responded "No further authentication methods available". and nothing else happens. There are no problems if the connection is via ssh1 client, or if the password is not expired. Questions: 1. What is the reason and what is misconfigured ? 2. Where can I read a nice description of pam authentication ? Thanks, Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107250819.f6P8Jt715529>