[28424] in Kerberos
Re: SSH, expired pwd, change rejected
daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Sep 18 13:56:24 2007
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <1190106256.867325.149120@d55g2000hsg.googlegroups.com> (Roman
Schoenbichler's message of "Tue, 18 Sep 2007 02:04:16 -0700")
Date: Tue, 18 Sep 2007 10:56:06 -0700
Message-ID: <87odfz3ljd.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Roman.Schoenbichler@gmail.com writes:
> SSH seems to use passwd to change the password, which seems to behave
> quite different on each machine. Sometimes, this works pretty well, but
> most of the time, the password is rejected. The is not a matter of a bad
> chosen pwd.
ssh is probably not using passwd. It's using the PAM password stack,
which is the same thing that passwd uses. If you're using Kerberos
passwords for the system, you'll need to list your Kerberos PAM module
first (and probably sufficient) in the password stack.
Given that it's sometimes working and sometimes not, my guess is that you
partly have this configured but not entirely.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos