1. Create a new user, and set the new user's password 2. Run chage to force the user's password to be updated (Maximum Password Age to "1", and Last Password Change to 2 days before today) 3. Install rsh-server 4. chkconfig add rlogin 5. Try to rlogin to this machine as that user $ rlogin -l testuser amd64 connect to address 172.16.10.230: Connection refused Trying krb4 rlogin... connect to address 172.16.10.230: Connection refused trying normal rlogin (/usr/bin/rlogin) Password: You are required to change your password immediately (password aged) Changing password for testuser (current) UNIX password: If the password isn't entered properly on the first prompt, then login seems to take over, and the line feeds look fine. $ rlogin -l testuser amd64 connect to address 172.16.10.230: Connection refused Trying krb4 rlogin... connect to address 172.16.10.230: Connection refused trying normal rlogin (/usr/bin/rlogin) Password: Password: Login incorrect login: testuser Password: You are required to change your password immediately (password aged) Changing password for testuser (current) UNIX password: rlogin: connection closed. Logging in using ssh works fine as well: $ ssh testuser@amd64 testuser@amd64's password: You are required to change your password immediately (password aged) WARNING: Your password has expired. You must change your password now and login again! Changing password for user testuser. Changing password for testuser (current) UNIX password: The problem happens on any combination of RHEL3 and RHEL4 servers and clients (RHEL3 server/RHEL4 client, RHEL4 server/RHEL4 client, etc.)
You're probably right. There's private PAM_conversation() implementation in the rlogind and it's without "\n".
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0231.html
These are the comments from the customer which are in the Issue Tracker ticket. <snip> The results for the rlogin from AIX to Linux were a little strange. I'm attaching a file that shows the output to the screen (still not getting line feeds from the PAM module passwdqc). The strange behavior was that once I changed my password, I was prompted again to change it before completing the login. Before reacting to the prompt, I verified that the password was changed (see top of attached rlogin.txt file). I then entered the newly changed password at each prompt for password and the login completed. <another comment from IT> We initially tested the updated packages in our Lab, where they appeared to resolve our problem. Our lab does not have an AIX system, so we moved into our operational environment to do further testing. My "rlogin.txt" attachment from 3/10 shows what happened when we logged into a Linux system with the updated rsh* packages from an AIX workstation. We discovered yesterday that the we see the same result when logging into a Linux system from a Linux workstation. The primary difference between our lab systems and the operational systems is that the operational systems use the pam module pam_passwdqc instead of pam_cracklib (in /etc/pam.d/system-auth). In summary, the updated packages fix the line-feed problems with the initial prompts to change the password. Once the pam_passwdqc module is involved, the output seems to skew again. In addition, once the password is successfully changed, the user is prompted to reenter the password. If you access the system via telnet the prompts for password change and the output of pam_passwdqc line feed normally. The user is also not prompted to reenter the password once it has been successfully changed.
See bug #191390 which is open for this issue.