--- /dev/null
+diff -ur openssh-1.2pre15/sshd.c openssh-1.2pre15.new/sshd.c
+--- openssh-1.2pre15/sshd.c Thu Nov 25 01:54:59 1999
++++ openssh-1.2pre15.new/sshd.c Thu Dec 2 19:43:53 1999
+@@ -253,15 +253,21 @@
+ }
+
+ pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
+- if (pam_retval != PAM_SUCCESS) {
+- log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+- do_fake_authloop(username);
+- }
++ if(pam_retval == PAM_NEW_AUTHTOK_REQD) {
++ forced_command = xmalloc(strlen("/usr/bin/passwd -N ssh") + 1);
++ strcpy(forced_command, "/usr/bin/passwd -N ssh");
++/* pam_retval = pam_chauthtok((pam_handle_t *)pamh, PAM_CHANGE_EXPIRED_AUTHTOK); */
++ } else {
++ if (pam_retval != PAM_SUCCESS) {
++ log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
++ do_fake_authloop(username);
++ }
+
+- pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
+- if (pam_retval != PAM_SUCCESS) {
+- log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+- do_fake_authloop(username);
++ pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
++ if (pam_retval != PAM_SUCCESS) {
++ log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
++ do_fake_authloop(username);
++ }
+ }
+ }
+ #endif /* HAVE_LIBPAM */