Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: [suse-security] Passwords displayed in clear text upon expiring
I thought about that, too, after the fact... It occurred under each type
I tried - konsole, gnome terminal, and ssh terminal client under windows.
All using ssh2. I tried to reproduce it on a machine at home with no luck
(or maybe that is good luck). Are there any particular terminal settings
I could look for?

The only difference really between the machines is that the one echoing
the passwords also happens to be an NIS server. As it turns out, NIS does
not handle expired passwords well anyway, so I will probably go back to
the trusty method of asking nicely. Just running passwd on the server or
clients works fine.

I would be interested if anyone else running a NIS server or otherwise can
duplicate the problem.

For clarity, these were all SuSE 7.3 boxen.


On Tue, 4 Jun 2002, Markus Gaugusch wrote:

> On Jun 3, michael stone <mike@xxxxxxxxxxxxx> wrote:
> > When adding a new user, I set their password as expired so they have to
> > change it at first login.
> > chage -d 0 <username>
> > But at their first login, when it prompts for the old password then the new
> > one, they are echoed. Bug, or am I missing something?
> This depends on terminal settings, too. Which type of login/terminal
> program are they using? Hopefully SSH and not telnet?
> Markus
> --
> __________________ /"\
> Markus Gaugusch \ / ASCII Ribbon Campaign
> markus@xxxxxxxxxxx X Against HTML Mail
> / \
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
Michael Stone
Linux / High Performance Computing Administrator

The University of Texas at Austin
Mechanical Engineering Department
ETC 3.130 ph: 471.5951

< Previous Next >
Follow Ups