On Mon, Feb 04, 2002 at 07:35:50PM -0700, Dan O'Reilly wrote:
> At 07:29 PM 2/4/2002, Frank Cusack wrote:
> >On Mon, Feb 04, 2002 at 04:51:30PM -0700, Joseph Galbraith wrote:
> >
> > > 2. Add a message like SSH_MSG_USERAUTH_PASSWD_EXPIRING
> > > which included how much time was left before
> > > expiration. The server would send this and
> > > the usual success or partial failure message.
> > > The client would display a "You password will
> > > expire in n days. Would you like to change
> > > it now?"
> >
> >Also, I think this should be implemented. Almost all (if not all)
> >modern unices support warning before password expiration; ssh should
> >support this.
>
> True, they support warning, but how many prompt as option 2 would? From
Yeah, you are right, no system (I know of) prompts and then gives you the
option to change your password.
> my standpoint, I'm more interested in VMS than UNIX systems, but the same
> question applies. If none do, this strikes me more as "gilding the lilly";
> i.e., putting something in because it's potentially neat to do, rather
> than useful or being used in the real world.
I think there does need to be a way to pass the warning message, which
currently does not exist in the "password" method. There could be a
generic SSH_MSG_USERAUTH_PASSWD_MESSAGE. The PASSWD_EXPIRING message
has the advantage that the client can prompt the user to change it now,
but the disadvantage of being a very specific message. While in principle
I like the general case, the "password" method already has a design of
very specific messages, I believe this should continue for consistency.
If you want to handle generic/arbitrary messages, use keyboard-interactive.
So, in the above, instead of "The client would display ...", it seems better
to read "The client would display a warning message, and possibly prompt
the user to change the password now".