when using ssh's authentication against either pam_unix or pam_krb5 expired passwords are not treated properly. with pam_unix: sshd: users are not prompted to change their password and can login. with pam_unix: scp: users are not prompted to change their password and can transfer files. with pam_krb5: sshd: users are not prompted to change their password and cannot login. with pam_krb5: scp: users are not prompted to change their password and can transfer files. currently the only way to get expired passwords treated correctly by sshd is to use the system's login routine with pam_unix. there is no way to get scp to behave properly.
i will look at this.
solaris 8 + openssh3.1p1; something about doing a PAM operation with euid 0? has this ever worked on solaris? $ ssh solen Warning: Your password has expired, please change it now Enter login password: removing root credentials would break the rpc services that use secure rpc on this host! root may use keylogout -f to do this (at your own risk)! Connection to 172.31.1.203 closed by remote host. Connection to 172.31.1.203 closed.
This will be fixed up by whatever ends up fixing Bug #423 *** This bug has been marked as a duplicate of 423 ***
Mass change of RESOLVED bugs to CLOSED