From: des@des.no (Dag-Erling Smørgrav)
To: Mats Larsson
Cc: freebsd-current@freebsd.org
Subject: Re: warnpassword and warnexpire in 5.1 login.conf
Date: Tue, 05 Aug 2003 21:23:56 +0200
List-Id: Discussions about the use of FreeBSD-current

David Schultz writes:
> On Tue, Aug 05, 2003, Mats Larsson wrote:
>> And the following warning when password is old:
>> Aug 5 12:27:38 marvin sshd[55386]: error: PAM: OK
>> Aug 5 12:27:40 marvin sshd[55390]: fatal: PAM: chauthtok not supprted with privsep
>>
>> Is there perhaps a better PAM way of doing these things now??
>
> Hmm... Apparently you can't change an expired password with a
> privilege-separated OpenSSH. I don't know whether that can be
> fixed, but perhaps des@ has some insight.

It can be done, but not without cheating. You have to have the PAM
support code do chauthtok as part of the authentication sequence.
I've been meaning to do it for a while but haven't gotten around to it
yet.

DES
-- 
Dag-Erling Smørgrav - des@des.no