LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   pam.d/sshd config for passwd expiration (https://www.linuxquestions.org/questions/linux-newbie-8/pam-d-sshd-config-for-passwd-expiration-630529/)

ssy68 03-25-2008 11:23 AM
pam.d/sshd config for passwd expiration
 
I'm trying to make ssh login force the user to change his password when the password expired. I got the prompt to enter current password, but the new password was never successfully changed.

The console log is:
->ssh sshuser@xx.xx.xx.xx
Password: => I entered current password here
You are required to change your password immediately (root enforced)
Changing password for sshuser
(current) UNIX password: => I entered current password here
Password unchanged

Password: => I entered current password here
You are required to change your password immediately (root enforced)
Changing password for sshuser
(current) UNIX password: => I entered new password
Password: => I entered new password
Permission denied (publickey,keyboard-interactive).


Is this controlled by pam.d/sshd configuration? Is anything wrong with my config file?

my sshd is:
# Begin /etc/pam.d/sshd

auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so

# End /etc/pam.d/sshd

Thanks.

unSpawn 03-26-2008 07:41 AM
Quote:
Originally Posted by ssy68 (Post 3099978)
Is this controlled by pam.d/sshd configuration?
Config looks OK. As you see most of the PAM stack is in /etc/pam.d/system-auth, look there. Also the logs may show PAM-related info or warnings.

ssy68 03-26-2008 10:05 AM
I modified system-auth, now it works. Thanks.

unSpawn 03-26-2008 10:56 AM
So, what did you modify?


All times are GMT -5. The time now is 05:30 PM.