password expiration

password expiration

Post by Ing. J Gabriel Ruiz Pin » Wed, 23 Oct 1991 06:12:22



   I have a problem with the password expiration scheme on AIX 3.1.5.
When a user password has expired and some body tries to login to that
account, the login program sends a prompt requesting the old password.
   But, the problem is that I can type just a <RETURN> and the login
program skips the old password verification, and then asks for a new
one!!!

   For example:

csh> login news
3004-609 Your password has expired.
        Please choose a new password.
news's Old password: <RETURN>
news's New password: my-new-password
Enter the new password again: my-new-password

   Any body knows something about this? Is something wrong with my
configuration?

--

Ing. Sistemas Electronicos
Depto. de Tecnologia Computacional y de Informacion
I.T.E.S.M. Campus Monterrey

 
 
 

password expiration

Post by Esa Kare » Thu, 24 Oct 1991 15:58:30


This is a know notorious bug. Get a fix from your local IBM support.


Tel. +358-0 513 081          

 
 
 

password expiration

Post by bi.. » Fri, 25 Oct 1991 15:31:02



|> Gabriel Ruiz Pinto) says:
|> >   For example:
|> >
|> >csh> login news
|> >3004-609 Your password has expired.
|> >        Please choose a new password.
|> >news's Old password: <RETURN>
|> >news's New password: my-new-password
|> >Enter the new password again: my-new-password

Just experienced the same behaviour here - not too ompressive...
I'll give IBM a call when they open

        Bjorn

 /////////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
 But, but, everyone KNOWS that all the answers can be found in manuals!
 Don't you still have your copy of "Life: A User's Manual", that came with
 your wetware? :)
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\////////////////////////////////////

 
 
 

password expiration

Post by bi.. » Fri, 25 Oct 1991 17:34:42


There is a fix for this, provided that you aer on 2006...
2006 are not distributed unless the customer "experiences problems"
and requests it...
Forgot tha apar number (sorry).

        Bjorn

 
 
 

password expiration

Post by Zvika Bar-Dero » Fri, 25 Oct 1991 11:38:36



Gabriel Ruiz Pinto) says:

Quote:

>   I have a problem with the password expiration scheme on AIX 3.1.5.
>When a user password has expired and some body tries to login to that
>account, the login program sends a prompt requesting the old password.
>   But, the problem is that I can type just a <RETURN> and the login
>program skips the old password verification, and then asks for a new
>one!!!

>   For example:

>csh> login news
>3004-609 Your password has expired.
>        Please choose a new password.
>news's Old password: <RETURN>
>news's New password: my-new-password
>Enter the new password again: my-new-password

>   Any body knows something about this? Is something wrong with my
>configuration?

This sounds like a HUGE security hole, and unless you have actually
modified the respective programs, it shouldn't matter what you have
configured. My only advice - get your level 1/2 open a PMR asap, and
make them understand how serious this is .. and if they try to tell
you that in the next release the problem's solved, insist on getting
a PTF immediately - the next release is not yet here, and even if it
were you don't have to update the day you get it !

Good luck, and let me/us know what happened with the support center.


>Ing. Sistemas Electronicos
>Depto. de Tecnologia Computacional y de Informacion
>I.T.E.S.M. Campus Monterrey

/Zvika

Zvika Bar-Deroma                                  Phone: (+972)-4-292706
Faculty of Aerospace Engineering,                 Fax  : (+972)-4-231848
Technion
Haifa 32000
Israel



UUCP          :   ...!uunet!pucc.princeton.edu!technion!aer7101

 
 
 

1. password expiration problem with XDM

We've recently turned-on password aging on our RS/6000s, running
AIX 4.1, and on some (but not all) we've had a problem with XDM.
The user logs in, gets the prompt saying that the password has
expired, clicks on "ok" to reset the password, and is immediately
put back at the login prompt;  the password prompt is never displayed.
As near as I can tell, what should happen is that /usr/dt/bin/dtlogin
should run /usr/bin/X11/aixterm -e /bin/passwd joeuser, which of course
then runs /bin/passwd joeuser.

I'm by no means a CDE expert, but I see no obvious differences in config
files.  Help!

Mark

2. sshd as a daemon or part of inetd ? whats best ?

3. Password expiration problem

4. Can Linux make fully use of dual CPU PC?

5. Users are not getting password expiration messages

6. Anonymous ftp help!!

7. Password Expiration in SunOS?

8. Adding terminal via serial port

9. Password expiration?

10. password expiration check script

11. Password expiration policy write-up

12. Password expiration

13. NFS Maestro Password Expiration...