[31580] in Kerberos
Re: password expiration/change request fails to ask
daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Oct 13 17:41:12 2009
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <4AD4ECE7.6020309@kickflop.net> (Jeff Blaine's message of "Tue,
13 Oct 2009 17:11:03 -0400")
Date: Tue, 13 Oct 2009 14:40:03 -0700
Message-ID: <873a5nynv0.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Jeff Blaine <jblaine@kickflop.net> writes:
> % ssh cairo
> jblaine@cairo's password:
> Permission denied, please try again.
Judging from the password prompt that you're getting, you do not have
ChallengeResponseAuthentication enabled on your ssh server, which means
that it cannot do a full PAM dialogue. The simple PasswordAuthentication
ssh protocol can only handle a password prompt and response, not any
additional conversation such as an expired password change.
Check your sshd_config; I suspect that if you enable ChallengeResponse, it
will start working.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
