pam.d/sshd config for passwd expiration

ssy68 · 03-25-2008, 11:23 AM

I'm trying to make ssh login force the user to change his password when the password expired. I got the prompt to enter current password, but the new password was never successfully changed.

The console log is:
->ssh sshuser@xx.xx.xx.xx
Password: => I entered current password here
You are required to change your password immediately (root enforced)
Changing password for sshuser
(current) UNIX password: => I entered current password here
Password unchanged

Password: => I entered current password here
You are required to change your password immediately (root enforced)
Changing password for sshuser
(current) UNIX password: => I entered new password
Password: => I entered new password
Permission denied (publickey,keyboard-interactive).

Is this controlled by pam.d/sshd configuration? Is anything wrong with my config file?

my sshd is:
# Begin /etc/pam.d/sshd

auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so

# End /etc/pam.d/sshd

Thanks.

unSpawn · 03-26-2008, 07:41 AM

Quote:

Originally Posted by ssy68

Is this controlled by pam.d/sshd configuration?

Config looks OK. As you see most of the PAM stack is in /etc/pam.d/system-auth, look there. Also the logs may show PAM-related info or warnings.

ssy68 · 03-26-2008, 10:05 AM

I modified system-auth, now it works. Thanks.

unSpawn · 03-26-2008, 10:56 AM

So, what did you modify?