Force password change (PAMAuthenticator)

Sylvain · May 22, 2025, 12:32pm

Hi,

I’m trying to achieve the following action : users registered in Jupytherhub must change their password every 6 months.

To ensure this, I thought that using the PAMAuthenticator authenticator class might help, and define password expiration policy with cgage (chage --lastday 0 my_admin to test it). However, I get an error message and can’t change password (except if I log in in ssh, but users will use the web interface so I want to trigger the password change workflow from the login form if needed) :

jupyterhub  | [W 2025-05-22 10:17:30.321 JupyterHub auth:1402] PAM Authentication failed (my_admin@::ffff:172.19.0.1): [PAM Error 12] Authentication token is no longer valid; new one required

Is it possible to trigger a password change in jupytherhub ? Should I use another authenticator class to achieve this ?

Thanks !

mahendrapaipuri · May 22, 2025, 12:53pm

This is not possible with PAMAuthenticator and AFAIK there none of the officially supported JupyterHub authenticators support password expiration policy. There is NativeAuthenticator where users can change their password via web browser but it does not enforce the expiration policy.

Topic		Replies	Views
How to change admin password using LocalAuthenticator JupyterHub help-wanted	2	1522	August 14, 2023
How admin can change user passed with NativeAuthenticator JupyterHub how-to	2	652	November 11, 2021
Configuring PAMAuthenticator executor JupyterHub jupyterhub , how-to , help-wanted , question	7	171	August 6, 2024
Create a new user and an admin JupyterHub community , jupyterhub , how-to , help-wanted	1	2184	June 22, 2023
PAMauthenticator with dummy Users and Passwords JupyterHub	4	723	August 23, 2023

Force password change (PAMAuthenticator)

Related topics