From: Steven S (stevenslcorp.earthlink.net)
Date: Wed Jan 16 2002 - 15:39:51 CST

    Running a RedHat 6.2 box with pam-0.72-20.6.x installed.
    This machine was recently reconfigured to expire passwords after 90 days,
    giving 7 days notice of expiration + 7 days after to change their
    password. A user noticed some odd behaviour. With the password expired but
    within the 7 day window to change it....

    (me@mybox) $ ssh me@anotherbox
    me@anotherbox's password:
    Your password has expired; please change it!
    Warning: Your password has expired, please change it now
    Changing password for me
    (current) UNIX password: test.1234
    New UNIX password: test.1234
    Password unchanged
    Connection to anotherbox closed by remote host.
    Connection to anotherbox closed.

    (me@mybox) $ ssh me@anotherbox
    me@anotherbox's password:
    Your password has expired; please change it!
    Warning: Your password has expired, please change it now
    Changing password for me
    (current) UNIX password: test.1234
    New UNIX password: foobar99
    Retype new UNIX password: foobar99
    Last login: Wed Jan 16 16:09:46 2002 from mybox
    [me@anotherbox /home/me ]$

    Notice the nifty plain text.

    A tcpdump shows the plain text is being sent across encrypted, but as you
    can see it echoes back on the display. Also, when changing the password from
    this prompt it looks like Linux-PAM uses crypt instead of md5. Any way of
    changing that?
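
An added example, not part of the original post: a small audit of shadow(5)-format entries that reports which accounts carry a traditional DES crypt hash rather than an MD5 ($1$) hash, and which are in the expired-but-still-changeable window the post describes. The function names, the sample entries and the strict '>' day comparisons are assumptions made for this illustration.

```python
import re

# DES crypt(3) output: 2 salt chars + 11 hash chars from ./0-9A-Za-z.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

def hash_scheme(field):
    """Classify the password field of a shadow(5) entry."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    if field.startswith("$1$"):
        return "md5-crypt"
    return "des-crypt" if DES_RE.match(field) else "other"

def aging_state(lastchg, maxdays, warn, inactive, today):
    """ok / warning / must-change / disabled; None means the field is unset."""
    if lastchg is None or maxdays is None:
        return "ok"
    age = today - lastchg  # days since the last password change
    if inactive is not None and age > maxdays + inactive:
        return "disabled"     # grace period after expiry has also run out
    if age > maxdays:
        return "must-change"  # expired, change forced at login
    if warn is not None and age > maxdays - warn:
        return "warning"
    return "ok"

def audit(shadow_text, today):
    """Return [(user, scheme, state)] for shadow-format text."""
    num = lambda s: None if s in ("", "-1") else int(s)
    rows = []
    for line in shadow_text.splitlines():
        f = line.strip().split(":")
        if len(f) >= 7:
            state = aging_state(num(f[2]), num(f[4]), num(f[5]), num(f[6]), today)
            rows.append((f[0], hash_scheme(f[1]), state))
    return rows

# Constructed sample entries (hash strings are placeholders, not real hashes).
SAMPLE = """\
me:abExampleHash:11610:0:90:7:7::
alice:$1$saltsalt$PlaceholderHashValue00:11650:0:90:7:7::
bob:abExampleHash:11600:0:90:7:7::
daemon:*:11000:0:99999:7:::
"""
TODAY = 11703  # 2002-01-16 as days since 1970-01-01
if __name__ == "__main__":
    print(*audit(SAMPLE, TODAY), sep="\n")
```

Traditional DES crypt only uses the first 8 characters of a password, so entries reported as des-crypt are the ones worth re-hashing once the password-change stack is set to MD5.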
