Bug 226

Summary: open ssh appears to stop password change prompts from Solaris
Product: Portable OpenSSH Reporter: Dirk Bockmann <dirk.bockmann>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED DUPLICATE    
Severity: normal    
Priority: P2    
Version: -current   
Hardware: UltraSPARC   
OS: Solaris   

Description Dirk Bockmann 2002-04-24 16:40:55 AEST 
We are in the process of rolling out version 3.1 of openssh across 30 Solaris 
servers running 2.5.1. to 2.8 on a variety of hardware from Ultra 10's to 
E4500's.   All is going well thank you except:

Our password policy requires that users change em within 30 days and we lock em 
out if they do not access the server for 90 days.
Our problem is that when we get to the password change warning stage they are 
locked out if using openssh.   
I presume because the solaris response is to send the Please change your 
password message rather than grant access.    This causes ssh on the client 
machine to respond with "Permission denied please try again" and a further 
password prompt.  
We get a similar result if we use tera term.
Comment 1 Kevin Steves 2002-04-25 05:03:00 AEST 
changing an expired password is not supported on non-PAM
configurations.  but i am continuing to look into this
and hope to have a fix in the next release.

getspent(3) expire fields are not well documented and there
is at least one issue with how we interpret sp_lstchg now.

*** This bug has been marked as a duplicate of 14 ***
Comment 2 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED