From owner-freebsd-bugs  Wed Mar  7  2:40: 8 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 9862637B71B
	for <freebsd-bugs@hub.freebsd.org>; Wed,  7 Mar 2001 02:40:01 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f27Ae1u46730;
	Wed, 7 Mar 2001 02:40:01 -0800 (PST)
	(envelope-from gnats)
Received: from yeti.ismedia.pl (yeti.ismedia.pl [212.182.96.18])
	by hub.freebsd.org (Postfix) with SMTP id 6449A37B719
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  7 Mar 2001 02:31:28 -0800 (PST)
	(envelope-from venglin@freebsd.lublin.pl)
Received: (qmail 44254 invoked from network); 7 Mar 2001 10:38:51 -0000
Received: from unknown (HELO lagoon.freebsd.lublin.pl) (212.182.115.11)
  by 0 with SMTP; 7 Mar 2001 10:38:51 -0000
Received: (qmail 3759 invoked from network); 7 Mar 2001 10:30:04 -0000
Received: from unknown (HELO riget.scene.pl) ()
  by 0 with SMTP; 7 Mar 2001 10:30:04 -0000
Received: (qmail 3755 invoked by uid 1001); 7 Mar 2001 10:30:03 -0000
Message-Id: <20010307103003.3754.qmail@riget.scene.pl>
Date: 7 Mar 2001 10:30:03 -0000
From: venglin@freebsd.lublin.pl
Reply-To: venglin@freebsd.lublin.pl
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/25586: Password expiration doesn't work after upgrade of system
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         25586
>Category:       bin
>Synopsis:       Password expiration doesn't work after upgrade of system
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 07 02:40:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Przemyslaw Frasunek
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
ISMEDIA
>Environment:

	FreeBSD 4.2-STABLE as of 22 Feb 2001. On 4.2-STABLE as of 25 Dec 2000
	everything was ok.

	/etc/login.conf:

standard:\
       	:passwordperiod=90d:\
       	:autodelete=6w:\
       	:passwordtime=4w:\
       	:warnpassword=1w:\
	:tc=default:

	OpenSSH version:

SSH Version OpenSSH_2.3.0, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).

	/etc/pam.conf:

# OpenSSH with PAM support requires similar modules.  The session one is
# a bit strange, though...
sshd    auth    sufficient      pam_skey.so
#sshd   auth    sufficient      pam_kerberosIV.so               try_first_pass
sshd    auth    required        pam_unix.so                     try_first_pass
sshd    session required        pam_permit.so

>Description:

	If password is expired, sshd enters in infinite loop flooding
	syslog with such messages and eating all CPU time.

Mar  7 11:25:31 yeti sshd[43628]: PAM pam_chauthtok failed[6]: Permission denied
Mar  7 11:25:31 yeti sshd[43628]: no modules loaded for `sshd' service

	The normal behaviour was to spawn passwd and allow user to change the
	password.

>How-To-Repeat:

	Turn on password expiration, login on account with expired password.

>Fix:

	Unknown.

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message