NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > PAM Discussion> 2003-07

pam_unix password expiry

From: John Newbigin (jnit.swin.edu.au)
Date: Tue Jul 15 2003 - 21:37:52 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have a setup where I have both shadow passwords and smbpasswd
passwords. system-auth is below.

I have a problem with forcing password changes on login. From what I
can tell, account pam_unix is requesting the password change with
PAM_NEW_AUTHTOK_REQD. From there though, the password change procedure
is not the same as when passwd is launched from the command line. Then
end result is that the SMB password is not updated when the password is
changed on login.

Any ideas anyone?

John.

-- a normal password change
$ passwd
Changing password for jnewbigin
Current SMB password:
New LINUX password:
Retype new LINUX password:
passwd: all authentication tokens updated successfully
$

-- a change on login
$ ssh jnewbiginmercury
jnewbiginmercury's password:
You are required to change your password immediately (root enforced)
Warning: Your password has expired, please change it now
Changing password for jnewbigin
(current) UNIX password:
New LINUX password:
Retype new LINUX password:
$

It is a redhat 7.2 box. Here is /etc/system-auth:

auth required /lib/security/pam_env.so
auth requisite /lib/security/pam_unix.so likeauth nullok
auth optional /lib/security/pam_smbpass.so migrate

account required /lib/security/pam_unix.so

password required /lib/security/pam_cracklib.so retry=3 type=LINUX
password required /lib/security/pam_smbpass2.so use_authtok
try_first_pass migrate
password requisite /lib/security/pam_unix.so use_authtok md5
shadow try_first_pass

session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

--
Information Technology Innovation Group
School of Information Technology
Swinburne University of Technology
Melbourne, Australia
http://www.it.swin.edu.au/staff/jnewbigin

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://www.redhat.com/mailman/listinfo/pam-list

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]