[39421] in Kerberos
Re: Force to change password for users
daemon@ATHENA.MIT.EDU (Ken Hornstein via Kerberos)
Fri Apr 19 13:35:52 2024
Message-Id: <202404191734.43JHYWQK028397@hedwig.cmf.nrl.navy.mil>
To: Carlos Lopez <clopmz@outlook.com>
In-Reply-To: <PRAP251MB0567B093E24E8C80B382C245DB0D2@PRAP251MB0567.EURP251.PROD.OUTLOOK.COM>
MIME-Version: 1.0
Date: Fri, 19 Apr 2024 13:34:32 -0400
From: Ken Hornstein via Kerberos <kerberos@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>User acquires kerberos ticket and login session is authorized. This log
>is for a ssh access ...
I think you're missing some of the details that Greg is asking. When you
say "ssh access", do you mean that you are using gssapi-with-mic or
gssapi-keyex authentication with ssh, or does ssh ask for the user's
Kerberos password? If the latter, ssh does not have that native ability,
so it it going through the PAM stack to make that happen? If so, which
PAM module are you using?
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
