[28424] in Kerberos

home help back first fref pref prev next nref lref last post

Re: SSH, expired pwd, change rejected

daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Sep 18 13:56:24 2007

From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <1190106256.867325.149120@d55g2000hsg.googlegroups.com> (Roman
	Schoenbichler's message of "Tue, 18 Sep 2007 02:04:16 -0700")
Date: Tue, 18 Sep 2007 10:56:06 -0700
Message-ID: <87odfz3ljd.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Roman.Schoenbichler@gmail.com writes:

> SSH seems to use passwd to change the password, which seems to behave
> quite different on each machine.  Sometimes, this works pretty well, but
> most of the time, the password is rejected. The is not a matter of a bad
> chosen pwd.

ssh is probably not using passwd.  It's using the PAM password stack,
which is the same thing that passwd uses.  If you're using Kerberos
passwords for the system, you'll need to list your Kerberos PAM module
first (and probably sufficient) in the password stack.

Given that it's sometimes working and sometimes not, my guess is that you
partly have this configured but not entirely.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post