[c-nsp] Error in tacacs

Mark D. Nagel mnagel at willingminds.com
Sat May 27 20:32:30 EDT 2006


Brian McMahon wrote:
> What happens when you SSH or telnet into the host (the one whose
> /etc/shadow you're authenticating against) directly?

Older versions of OpenSSH do not necessarily pay attention to the 
password expiration field.  You could, for example, be authenticating 
via some means other than password, so the check may never be done.  How 
to check the expiration by other means varies by platform.  The OP did 
not indicate the platform, but on Linux you can run 'passwd -S username' 
as root to list account information.  On Solaris, 'passwd -s username' 
will provide similar information.  Or, you could just assume tac_plus 
knows from what it speaks and reset the expiration date on the affected 
account :).

Mark

-- 
Mark D. Nagel, CCIE #3177 <mnagel at willingminds.com>
Principal Consultant, Willing Minds LLC (http://www.willingminds.com)
tel: 714-630-4772, fax: 714-630-4773, fwd: 680979 
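
An added example, not part of the original post: a small checker that reads the aging fields of a shadow(5) entry directly, so expiry can be confirmed regardless of which login path (SSH key, password, tac_plus) was exercised. The sample entries, the placeholder hashes and the fixed "today" value of 19000 are constructed for illustration.

```python
from datetime import date

# Constructed sample entries in shadow(5) format (hashes are placeholders):
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Date fields are counted in days since 1970-01-01.
SAMPLE = [
    "alice:$6$constructed$hash:18900:0:90:7:::",
    "bob:$6$constructed$hash:18990:0:99999:7::18500:",
    "carol:$6$constructed$hash:18990:0:99999:7:::",
    "dave:$6$constructed$hash:0:0:99999:7:::",
]


def _num(field):
    """An empty shadow field means 'not set'; return None for it."""
    return int(field) if field.strip() else None


def shadow_status(line, today=None):
    """Return (username, reasons); an empty reasons list means nothing has expired."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("not a shadow(5) entry: expected 9 colon-separated fields")
    lastchg, max_age, expire = _num(f[2]), _num(f[4]), _num(f[7])
    if today is None:
        today = (date.today() - date(1970, 1, 1)).days
    reasons = []
    # Field 8: absolute account expiration date.
    if expire is not None and today >= expire:
        reasons.append("account expired")
    # Field 3 set to 0 forces a password change at next login.
    if lastchg == 0:
        reasons.append("password change required")
    # Fields 3 and 5: password older than its maximum age.
    elif lastchg is not None and max_age is not None and today - lastchg > max_age:
        reasons.append("password expired")
    return f[0], reasons


if __name__ == "__main__":
    for entry in SAMPLE:
        user, reasons = shadow_status(entry, today=19000)
        print(f"{user}: {', '.join(reasons) or 'ok'}")
```

Reading the real /etc/shadow requires root, the same as the passwd commands mentioned above.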


