Bug 117429 - Unable to force password change on first login via ssh.
Unable to force password change on first login via ssh.
Status: CLOSED DUPLICATE of bug 124602
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: openssh (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-03-03 16:17 EST by Chris Kloiber
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-07 10:02:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chris Kloiber 2004-03-03 16:17:16 EST
Description of problem:

Customer wishes to force users to change their password on first login
to Red Hat Enterprise 3 system when connection is via ssh only. I
spoke with Nalin about this a while back and was told this does not work. 

The customer says that is a regression since Red Hat Enterprise Linux
2.1 as he says it works fine there. The error he sees when he tries
this on RHEL3 is:

"PAM rejected by account configuration"

The steps he took on RHEL2.1 and wants to continue to use on RHEL3 are:

1.) passwd <username> 
     -change user's password to a generic one 
2.) chage -d 0 <username>
Comment 1 Jason W. Mitchell 2004-08-07 14:11:34 EDT
procedure as above:

  $ ssh username@host
  username@host's password:
  WARNING: Your password has expired.
  You must change your password now and login again!
  Changing password for user USERNAME.
  Changing password for USERNAME
  (current) UNIX password: *******
  passwd: Authentication token manipulation error
  Connection to HOST closed.


$ cat /etc/redhat-release
Red Hat Enterprise Linux WS release 3 (Taroon Update 2)

System is "up2date" current as of 2004/80/06.

$ rpm -q openssh openssl pam
openssh-3.6.1p2-33.30.1
openssl-0.9.7a-33.4
pam-0.75-54

Also occurs with openssh-3.8.1p1 built w/ the 3.6.1p2-33.30.1 spec

$ cat /etc/pam.d/sshd
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so

$ cat /etc/ssh/sshd_conf
AuthorizedKeysFile      .ssh/authorized_keys
ChallengeResponseAuthentication yes
HostbasedAuthentication no
HostKey /etc/ssh/ssh_host_dsa_key
IgnoreRhosts yes
LogLevel INFO
PermitRootLogin no
Port 22
Protocol 2
SyslogFacility AUTH
TCPKeepAlive yes
X11DisplayOffset 10
X11Forwarding yes
X11UseLocalhost yes
Subsystem       sftp    /usr/libexec/openssh/sftp-server
Comment 2 Jason W. Mitchell 2004-08-08 19:25:59 EDT
up2date to kernel-smp-2.4.21-15.0.4.EL from
kernel-smp-2.4.21-15.0.3.EL   solves my problem above.

The problem does not occur on stock kernel-smp-2.4.21-15.EL. (RHEL3u2)
Comment 3 Tomas Mraz 2005-02-07 10:02:51 EST

*** This bug has been marked as a duplicate of 124602 ***

Note You need to log in before you can comment on or make changes to this bug.