Return
-
Title
Smartcard Users Getting Password Expired Error After Upgrading -
Description
Smartcard users authenticating using Authentication Services recieve a "password expired" error after upgrading Authentication Services to version 4.2.4 or higher. -
Cause
Due to some recent fixes post-version 4.2.1, access control has changed.Password prompts are coming from vasd and not from the library.The vasd daemon checks and then insists on a password change.Even though pam_vas_smartcard handles the authentication, pam_vas handles the access control. -
Resolution
Within the pam_vas.so module no_passwordexpired_check can be supplied on the account line so that the expired password iis no longer checked for.The setting will go into the /etc/pam.d/password-auth file in the account section as follows:account sufficient pam_vas3.so no_passwordexpired_check
Once done authentications should succeed with no further errors.