[c-nsp] Error in tacacs
Mark D. Nagel
mnagel at willingminds.com
Sat May 27 20:32:30 EDT 2006
Brian McMahon wrote:
> What happens when you SSH or telnet into the host (the one whose /etc/
> shadow you're authenticating against) directly?
Older versions of OpenSSH do not necessarily pay attention to the
password expiration field. You could, for example, be authenticating
via some means other than password, so the check may never be done. How
to check the expiration by other means varies by platform. The OP did
not indicate the platform, but on Linux you can run 'passwd -S username'
as root to list account information. On Solaris, 'passwd -s username'
will provide similar information. Or, you could just assume tac_plus
knows from what it speaks and reset the expiration date on the affected
account :).
Mark
--
Mark D. Nagel, CCIE #3177 <mnagel at willingminds.com>
Principal Consultant, Willing Minds LLC (http://www.willingminds.com)
tel: 714-630-4772, fax: 714-630-4773, fwd: 680979
More information about the cisco-nsp
mailing list