117429 – Unable to force password change on first login via ssh.

Bug 117429 - Unable to force password change on first login via ssh.

Summary: Unable to force password change on first login via ssh.

Keywords:
Status:	CLOSED DUPLICATE of bug 124602
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	openssh
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-03-03 21:17 UTC by Chris Kloiber
Modified:	2007-11-30 22:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-02-07 15:02:51 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Chris Kloiber 2004-03-03 21:17:16 UTC

Description of problem:

Customer wishes to force users to change their password on first login
to Red Hat Enterprise 3 system when connection is via ssh only. I
spoke with Nalin about this a while back and was told this does not work. 

The customer says that is a regression since Red Hat Enterprise Linux
2.1 as he says it works fine there. The error he sees when he tries
this on RHEL3 is:

"PAM rejected by account configuration"

The steps he took on RHEL2.1 and wants to continue to use on RHEL3 are:

1.) passwd <username> 
     -change user's password to a generic one 
2.) chage -d 0 <username>

Comment 1 Jason W. Mitchell 2004-08-07 18:11:34 UTC

procedure as above:

  $ ssh username@host
  username@host's password:
  WARNING: Your password has expired.
  You must change your password now and login again!
  Changing password for user USERNAME.
  Changing password for USERNAME
  (current) UNIX password: *******
  passwd: Authentication token manipulation error
  Connection to HOST closed.


$ cat /etc/redhat-release
Red Hat Enterprise Linux WS release 3 (Taroon Update 2)

System is "up2date" current as of 2004/80/06.

$ rpm -q openssh openssl pam
openssh-3.6.1p2-33.30.1
openssl-0.9.7a-33.4
pam-0.75-54

Also occurs with openssh-3.8.1p1 built w/ the 3.6.1p2-33.30.1 spec

$ cat /etc/pam.d/sshd
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so

$ cat /etc/ssh/sshd_conf
AuthorizedKeysFile      .ssh/authorized_keys
ChallengeResponseAuthentication yes
HostbasedAuthentication no
HostKey /etc/ssh/ssh_host_dsa_key
IgnoreRhosts yes
LogLevel INFO
PermitRootLogin no
Port 22
Protocol 2
SyslogFacility AUTH
TCPKeepAlive yes
X11DisplayOffset 10
X11Forwarding yes
X11UseLocalhost yes
Subsystem       sftp    /usr/libexec/openssh/sftp-server

Comment 2 Jason W. Mitchell 2004-08-08 23:25:59 UTC

up2date to kernel-smp-2.4.21-15.0.4.EL from
kernel-smp-2.4.21-15.0.3.EL   solves my problem above.

The problem does not occur on stock kernel-smp-2.4.21-15.EL. (RHEL3u2)

Comment 3 Tomas Mraz 2005-02-07 15:02:51 UTC


*** This bug has been marked as a duplicate of 124602 ***

Note You need to log in before you can comment on or make changes to this bug.