I thought about that, too, after the fact... It occurred under each type I tried - konsole, gnome terminal, and ssh terminal client under windows. All using ssh2. I tried to reproduce it on a machine at home with no luck (or maybe that is good luck). Are there any particular terminal settings I could look for? The only difference really between the machines is that the one echoing the passwords also happens to be an NIS server. As it turns out, NIS does not handle expired passwords well anyway, so I will probably go back to the trusty method of asking nicely. Just running passwd on the server or clients works fine. I would be interested if anyone else running a NIS server or otherwise can duplicate the problem. For clarity, these were all SuSE 7.3 boxen. Thanks. On Tue, 4 Jun 2002, Markus Gaugusch wrote:

On Jun 3, michael stone <mike@spaceship.com> wrote:

...

When adding a new user, I set their password as expired so they have to change it at first login. chage -d 0 <username> But at their first login, when it prompts for the old password then the new one, they are echoed. Bug, or am I missing something? This depends on terminal settings, too. Which type of login/terminal program are they using? Hopefully SSH and not telnet?

Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

-- Michael Stone Linux / High Performance Computing Administrator The University of Texas at Austin Mechanical Engineering Department ETC 3.130 ph: 471.5951 agentsmith@mail.utexas.edu