sshd authentication with pam

From: Victor Engle (sunmanager@summerseas.com)
Date: Mon Jan 31 2005 - 10:51:12 EST


Hello List,

I have a Sun One Directory server version 5.2 configured as a naming
service for Solaris 8 and 9 machines. Everything worked smoothly until I
tried to enforce passwd expiration and account lockout via the directory
server.

I changed this line in the pam stack for sshd from this

sshd account required pam_unix_account.so.1

to this

sshd account required pam_unix_account.so.1 server_policy

Then I logged in with a user ID whose account would expire soon and the
system printed the "account expiration" warning as expected. Account
lockout worked as well. The problem is that if I try to log in using
public key authentication the login fails. If I remove the server_policy
parameter from the pam.conf line above then public key and password
logins succeed but fail to print the expiration warning and ignore
lockout settings.

Telnet logins work as expected but we would really like to have ssh
logins work correctly with password expiration and account lockout. We
are using the most recent openssh version, 3.9p1 from sunfreeware.com.
The only change made to sshd_config was that the UsePAM parameter was
set to 'yes'.

Any ideas?

Thanks,
Vic
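
An added diagnostic sketch, not part of the original post: it reads a pam.conf and an sshd_config and reports, per service, whether the effective account stack passes server_policy to pam_unix_account and whether sshd will consult PAM at all. The sample files are constructed, the function names are hypothetical, and it assumes the standard pam.conf fallback to the `other` service when a service has no entries of its own.

```python
import os

# Constructed samples (not from the post), in pam.conf and sshd_config layout.
SAMPLE_PAM_CONF = """\
# service  module_type  control_flag  module_path  [options]
sshd    auth     required   pam_unix_auth.so.1
sshd    account  required   pam_unix_account.so.1 server_policy
rlogin  account  required   /usr/lib/security/pam_unix_account.so.1
other   account  requisite  pam_roles.so.1
other   account  required   pam_unix_account.so.1 server_policy
"""
SAMPLE_SSHD_CONFIG = "Port 22\nusepam yes\nUsePAM no\n"


def parse_pam_conf(text):
    """Return a list of (service, type, control, module, options) tuples."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4:  # skip blank, comment-only and malformed lines
            entries.append((*fields[:4], fields[4:]))
    return entries


def effective_stack(entries, service, module_type):
    """Entries for the service itself, else the 'other' fallback entries."""
    for name in (service, "other"):
        stack = [e for e in entries if e[0] == name and e[1] == module_type]
        if stack:
            return stack
    return []


def enforces_server_policy(entries, service):
    """True if pam_unix_account in the account stack carries server_policy."""
    return any(
        os.path.basename(module).startswith("pam_unix_account.so")
        and "server_policy" in options
        for _, _, _, module, options in effective_stack(entries, service, "account")
    )


def use_pam_enabled(sshd_config_text):
    """sshd uses the first value seen for a keyword; keywords ignore case."""
    for raw in sshd_config_text.splitlines():
        fields = raw.split("#", 1)[0].replace("=", " ").split()
        if len(fields) >= 2 and fields[0].lower() == "usepam":
            return fields[1].lower() == "yes"
    return False  # OpenSSH default when UsePAM is not set
```

Comparing the result for `sshd` against the result for a service that behaves as expected shows whether the two logins are really running the same account policy.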