All,
I enabled PAM and aged a password, but when I log in it asks me for the current password, then says password unchanged after entering the current password. Is this a bug? My security dept is going to want me to enable password aging and I'm stuck!
Any help on what the issue is?
Connecting to host...
Password:
You are required to change your password immediately (root enforced)
Changing password for user
(current) UNIX password:
Password unchanged
What are the contents of your .../pam.d/sshd and .../pam/system-auth files?
That is where the issue was! I updated the SSHD pam file from another RHEL box that had the correct SSHD and it works. When I compiled openssh5.2 it didn't have the correct entries in /etc/pam.d/sshd
Thanks!
Here is the correct PAM if anyone cares:
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
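A quick way to check a hand-built /etc/pam.d/sshd for the kind of gap described above, as an added example that is not part of the original posts: it reports PAM management groups (auth, account, password, session) that have no entries and module names that do not end in .so. The thread does not say which entries were missing, so the sample input and the function names are constructed for illustration.

```python
import re

# The four PAM management groups; forced password changes run in "password".
PAM_TYPES = ("auth", "account", "password", "session")

# Constructed sample (not from the thread): no "password" entries, one cut-off module.
SAMPLE_BROKEN = """\
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
session include system-auth
session required pam_loginuid.s
"""

LINE_RE = re.compile(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")


def parse_pam(text):
    """Return (type, control, module) tuples from pam.d service-file text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and the #%PAM header
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group(1).lstrip("-").lower(), m.group(2), m.group(3)))
    return entries


def audit_pam(text):
    """Report management groups with no entries and module names not ending in .so."""
    entries = parse_pam(text)
    present = {t for t, _, _ in entries}
    missing = [t for t in PAM_TYPES if t not in present]
    bad_modules = [mod for _, ctl, mod in entries
                   if ctl not in ("include", "substack") and not mod.endswith(".so")]
    return {"missing_types": missing, "bad_modules": bad_modules}


if __name__ == "__main__":
    print(audit_pam(SAMPLE_BROKEN))
```

To check a live system, pass the contents of the file, for example `audit_pam(open("/etc/pam.d/sshd").read())`.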
I thought this was fixed, but for some reason the SFTP prompt won't ask me to change the password like I had originally thought, but the ssh prompt will. It just disconnects me when connecting using SFTP. Any ideas?
I am using the config in the post above for sshd pam.
I have disabled the shell for these users so they can't ssh to change their password. Is this even possible?
Can anyone help with this? I am stumped.
This area tends to be a can of worms. See this post for an example.
SecurityFocus Secure Shell: Re: password aging with sftp
Thanks FP, I just realized I didn't have UsePam enabled and you also have to set "ChallengeResponse...." to yes. It is working now!