On Unix, Tectia Server enforces the changing of expired passwords. For more information, see the section called “Forcing Password Change”.
On Windows, password change is handled differently than on Unix platforms, and it is not configurable. If the server requires a password change for an account, the user will be prompted to change the password during authentication, right after the validation of the old password. The user will be logged on after a successful password change.
Some third-party SSH clients may allow users to request password change themselves during authentication. In that case, it will be handled the same way as it would have been enforced by server.
For accounts with empty password, and whose logon is disabled by policy: "Accounts: Limit local account use of blank passwords to console logon only", the user will be prompted to change the password even when the user is not able to log on otherwise using password authentication.