[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: reset user password?
- From: Werner Puschitz <wp puschitz com>
- To: "Red Hat User's Mailing List" <redhat-list redhat com>
- Subject: Re: reset user password?
- Date: Wed, 31 Oct 2001 00:31:34 -0500 (EST)
On Tue, 30 Oct 2001, Mikkel L. Ellertson wrote:
> On Tue, 30 Oct 2001, Werner Puschitz wrote:
>
> > On Tue, 30 Oct 2001, Anthony E. Greene wrote:
> >
> > > On Wed, 31 Oct 2001, gary wrote:
> > > >In fact, I'm looking for some where to set, so that when user login next
> > > >time, the system will ask for new password and confirm password after
> > > >entering login name (without asking for old password)
> > >
> > > How will the system know that this person is authorized to change the
> > > password?
> >
> > When you force someone to change the password at the next login, e.g.
> > "chage -d 0 [username]", then this is what happenes:
> >
> > login: test
> > Password:
> > You are required to change your password immediately (root enforced)
> > Changing password for test
> > (current) UNIX password: <<<====================
> > New password:
> > Retype new password:
> > Last login: Tue Oct 30 23:49:50 from 210.210.210.10
> > [test mars test]$
> >
> > So you already logged in to the system with the current password but you
> > have to provide your current password AGAIN. This always confuses people
> > when I do this for new created user accounts.
> > After you logged in, you should not be asked again for the current
> > password. E.g. AIX doesn't do this.
> >
> > Werner
> >
> Your current password is required for more then just changing your
> password. You need to supply it if you are changing your shell (chsh),
> your finger information (chfn), and probably others. I does seam kind
> of dumb when changing your password after you have just logged in, but I
> like it at other times.
>
> I can remember people pulling pranks on people when they left their
> terminal for a moment, and didn't log out. They would come back, and
> never knwo their password, finger information, or shell had been changed
> untill the next time they logged in, or tried to...
>
> Mikkel
>
I definitely agree with that. A password should be required for these kind
of changes. But having to provide a password twice during a single login
process just doesn't look ok. That's what I was referring to.
Werner
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]