Sheldon Bishov wrote:
I'm working to get a client to handle the SSH_MSG_USERAUTH_PASSWD_CHANGEREQmessage for password change on UNIX server, and am checking for implementations that support this mechanism. Have tested a few UNIXimplementations, so far none use that message, instead run passwd in a shell context. Am starting to check secsh mail archive also.
I did patches for OpenSSH that did this. The patch (against OpenSSH 3.5p1) is still available at the link below. It should work on AIX and platforms using /etc/shadow, but I would not recommend using it in production.
I gave up on PASSWD_CHANGEREQ after this patch. As Joseph pointed out, the interface to change a password varies wildly from system to system (and rebuilding /etc/shadow like it does seems like a nasty thing to do). The real killer, however, was that to use this for real you would also have to support every system's password complexity rules too (eg /etc/default/passwd on Solaris) and those vary even more.
http://www.zip.com.au/~dtucker/openssh/openssh-3.5p1-passexpire8.patch
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.