Re: [suse-security] Passwords displayed in clear text upon expiring

4 Jun 2002

      I thought about that, too, after the fact...  It occurred under each type
I tried - konsole, gnome terminal, and ssh terminal client under windows.
All using ssh2.  I tried to reproduce it on a machine at home with no luck
(or maybe that is good luck).  Are there any particular terminal settings
I could look for?

The only difference really between the machines is that the one echoing
the passwords also happens to be an NIS server.  As it turns out, NIS does
not handle expired passwords well anyway, so I will probably go back to
the trusty method of asking nicely.  Just running passwd on the server or
clients works fine.

I would be interested if anyone else running a NIS server or otherwise can
duplicate the problem.

For clarity, these were all SuSE 7.3 boxen.

Thanks.

On Tue, 4 Jun 2002, Markus Gaugusch wrote:
...
...
When adding a new user, I set their password as expired so they have to
change it at first login.
chage -d 0 <username>
But at their first login, when it prompts for the old password then the new
one, they are echoed.  Bug, or am I missing something?
This depends on terminal settings, too. Which type of login/terminal
On Jun 3, michael stone  wrote:
program are they using? Hopefully SSH and not telnet?
Markus
--
__________________    /"\
Markus Gaugusch       \ /    ASCII Ribbon Campaign
markus@gaugusch.at     X     Against HTML Mail
                      / \
--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
--
Michael Stone
Linux / High Performance Computing Administrator

The University of Texas at Austin
Mechanical Engineering Department
ETC 3.130     ph: 471.5951
agentsmith@mail.utexas.edu