From: Joshua Gallant (jgallant77@yahoo.com)
Date: Fri Jun 22 2007 - 11:47:20 EDT
Hi Everyone,
I've tried searching for answers on google but have
come up empty so figured I would try the mailing list
route next. Here's my dilemma:
My company currently uses a terminal emulation
software called anzio to connect to a Solaris 9 4/03
box via SSH. The server runs "SSH Version
Sun_SSH_1.0.1" for server software and things work
perfectly.
We're in the process of configuring a new machine
running Solaris 10 11/06 with "Sun_SSH_1.1" running.
The problem arises when a users password has expired.
More specifically, if we use the "passwd -f" option to
set a user to change their password during the next
login then their login is rejected.
I've run the server in debug mode and used a SecureCRT
session with trace options turned on and found that
when the password is expired the server switches to
keyboard-interactive mode. It seems that the client
software we use supports password mode but not
keyboard-interactive.
Here are a few relevant settings from my sshd_config
file:
# To disable tunneled clear text passwords, change
PasswordAuthentication to no.
PasswordAuthentication yes
# Use PAM via keyboard interactive method for
authentication.
# Depending on the setup of pam.conf(4) this may allow
tunneled clear text
# passwords even when PasswordAuthentication is set to
no. This is dependent
# on what the individual modules request and is out of
the control of sshd
# or the protocol.
PAMAuthenticationViaKBDInt yes
It seems that the new version of SSH works differently
than the old. Anyone else run into this problem?
Anyone have any ideas that might help me?
Thanks in advance for any help you can offer.
Josh
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:42:05 EDT