USER PASSWORDS

if we are not rotating password every "X" number of days, what's the
best way to force a user to change their password the next time they
log in ? we are on RedHat v.8

thanks...

On 2005-05-20, new2linuxos <(E-Mail Removed)> wrote:
> best way to force a user to change their password the next time they
> log in ?

Change it, when they complain they can't login anymore tell them
that is "because you're probably mistyping it".

Davide

--
"In a small way, Windows NT is a Unix." -Bill Gates
Because of the way it resembles something decent that's been emasculated?
--adamsc

In comp.os.linux.networking Davide Bianchi <(E-Mail Removed)>:
> On 2005-05-20, new2linuxos <(E-Mail Removed)> wrote:
>> best way to force a user to change their password the next time they
>> log in ?

> Change it, when they complain they can't login anymore tell them
> that is "because you're probably mistyping it".

LOL.

Depends on the system, some have a 'passwd' option to do it, if
using pam it should be possible to do through 'chage'. The fine
manuals 'man passwd' and 'man chage' should have full info.

Just be aware that this only works through kdm and alike
graphical login with pretty recent versions. It's unlikely
something EOL like the OP is running will work from GUI login.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 228: That function is not currently supported, but
Bill Gates assures us it will be featured in the next upgrade.

In article <(E-Mail Removed). com>,
"new2linuxos" <(E-Mail Removed)> writes:
> if we are not rotating password every "X" number of days, what's the
> best way to force a user to change their password the next time they
> log in ? we are on RedHat v.8

Changing their shell to a restricted one which makes an announcement
about the need to change password, and allows only the command passwd,
is a common technique.

However, I suggest you make some pre-printed post-it notes which remind
them when to change, and leave space for them to add their new password.
If they have to keep changing their password, then they'll need to stick
that on the side of their screen so they can remember it :->

As an infrequent user of an IBM mainframe a number of years ago, I got
annoyed with it wanting me to me change my password every single time I
logged on (which happened to be at intervals longer than its "X" days).
It wouldn't even let me change my password to something else and then
immediately back to the one I used before. Using the Unix system I
was more familiar with, I wrote a send/expect script to log onto the IBM
mainframe, change my password to something random N times, and then
change it back to the password I had before. I reasoned it would only
store a finite number of my previous passwords, and discovered the
minimum N necessary was 20. The iditotic option on password change
which its administrator had decided on never troubled me again.

Tim Clark

Tim Clark wrote:

> Using the Unix system I
> was more familiar with, I wrote a send/expect script to log onto the IBM
> mainframe, change my password to something random N times, and then
> change it back to the password I had before. I reasoned it would only
> store a finite number of my previous passwords, and discovered the
> minimum N necessary was 20. The iditotic option on password change
> which its administrator had decided on never troubled me again.

Of course the way to "fix" that, is to set a minimum time between password
changes. ;-)