[rhn-users] force user to change password on first login

Raj Kumar rajkum2002 at rediffmail.com
Thu Feb 17 16:04:39 UTC 2005


Hello Mike,

Thanks for replying to my posting.

I changed the password for user1 using "passwd -f user1" as root. I logged in successfully without any warnings that user1 password will expire soon. I'll try to log in tomorrow as user1 and see if I will get the warning. I may be wrong, but I think I won't get the error/warning message since the password doesn't expire until May 18, 2005.

chage  -l user1
Minimum:        0
Maximum:        90
Warning:        7
Inactive:       -1
Last Change:            Feb 17, 2005
Password Expires:       May 18, 2005
Password Inactive:      Never
Account Expires:        Never

I was just wondering what meta information will show that user1 will be given a warning message after 24hrs.

Thanks again for your help!

Raj

PS: I am sending this email to rhn-users list now... hope this info will be useful to others...

On Wed, 16 Feb 2005 Sullivan,Michael wrote :
>Hello Raj,
>
>You did interpret that correctly.  The user now will be prompted to change
>their password in 24hrs after first login and the global policy has been
>applied to the account. (password expiration in 90 days.)
>
>--Mike.
>
>-----Original Message-----
> From: Raj Kumar [mailto:rajkum2002 at rediffmail.com]
>Sent: Wednesday, February 16, 2005 7:55 AM
>To: Sullivan,Michael
>Subject: Re: RE: [rhn-users] force user to change password on first login
>
>
>
>Mike,
>
>Thanks for your reply!
>
>man passwd:
>
>-u    This  is  the  reverse  of  the  -l  option - it will unlock the
>account password by removing the ! prefix. This option is avail-
>able  to  root  only.  By default passwd will refuse to create a
>passwordless account (it will not unlock  an  account  that  has
>only  "!" as a password). The force option -f will override this
>protection.
>
>It looks like -f is just a "force option". So as root I tried
>passwd -f user1
>... entered new password
>
>logged in as user1 successfully. The reason I believe the login was
>successful because
>
>chage -l user1-- before issuing passwd -f user1
>
>Minimum:        0
>Maximum:        90
>Warning:        7
>Inactive:      -1
>Last Change:            Feb 05, 2005
>Password Expires:      May 06, 2005
>Password Inactive:      Never
>Account Expires:        Never
>
>chage -l user1-- after issuing passwd -f user1
>
>Minimum:        0
>Maximum:        90
>Warning:        7
>Inactive:      -1
>Last Change:            Feb 16, 2005
>Password Expires:      May 17, 2005
>Password Inactive:      Never
>Account Expires:        Never
>
>---Password Expires:      May 17, 2005
>Since the password expires on May 17, I was not forced to change the
>password after logging in as user1.
>
>Did I interpret it incorrectly?
>
>Thanks again for your help!!
>
>Raj
>
>On Wed, 16 Feb 2005 Sullivan,Michael wrote :
> >Raj,
> >
 > >The user's account should fall into the system wide policy.  In
> >etc/login.defs the value for PASS_MAX_DAYS should be set to 90.  Then every
> >account on the box will expire in the 90 day rotation.  Good practice for
> >security reasons!!
> >
> >You then don't have to account for it in your useradd() script.
> >
 > >As for forcing the user to change their password at first login, in your
 > >script when you set the user's "default" password with passwd(), use the
 > >"-f" option to force a password change on first login.  You can also do some
 > >other "timed" password change options if you know the user isn't going to
 > >login "..right now....but you don't want the account to remain available
 > >for, let's say two weeks...." This is good in the event you're always using
 > >the same default password for your new users.  Prevents the "Internal Attacks",
 > >if you know what I mean.
> >
> >--Mike.
> >
> >
> >
> >-----Original Message-----
 > > From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
 > >On Behalf Of Raj Kumar
> >Sent: Tuesday, February 15, 2005 5:28 PM
> >To: Red Hat Network Users List
> >Subject: [rhn-users] force user to change password on first login
> >
> >
> >
> >Hello,
> >
 > >We have a script to create user accounts and set some default passwords. We
 > >want to force the user to change their passwords on their first login. After
 > >that, we want to force users to change password for every 90 days. How do I
 > >achieve this?
> >
 > >chage -M 90 might force the user to change his password after 90 days from
 > >last change. But how do I force the user to change their password on first
 > >login? chage -M 0 ?? But after issuing chage -M 0 when I log in using ssh I
 > >get an error message:
> >
> >You are required to change your password immediately (password aged)
> >Your password has expired, the session cannot proceed.
> >Connection to 192.168.2.4 closed.
> >
> >
> >Thank you!
> >Raj
>
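
Added example, not part of the original thread: the aging metadata Raj asks about lives in the `/etc/shadow` fields that `chage -l` prints. Per shadow(5), a last-change value of 0 marks the account as "must change password at next login", and otherwise the expiry date is last change plus maximum days, which is how Feb 17, 2005 + 90 gives May 18, 2005. The sample lines, the `newuser` account and the function names are constructed for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Constructed sample lines in /etc/shadow layout (hash replaced by a placeholder):
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
user1:$6$PLACEHOLDER:12831:0:90:7:::
newuser:$6$PLACEHOLDER:0:0:90:7:::
"""


def _num(field):
    """Shadow fields may be empty, meaning the setting is disabled."""
    return int(field) if field.strip() else None


def password_status(line, today):
    """Return (name, state, expiry_date) for one shadow line."""
    name, _hash, lastchg, _min, maxd, warn = line.strip().split(":")[:6]
    lastchg, maxd, warn = _num(lastchg), _num(maxd), _num(warn)
    if lastchg == 0:
        # Last change of day 0 means a change is forced at the next login.
        return name, "must-change-at-next-login", None
    if lastchg is None or maxd is None:
        return name, "no-aging", None
    # Same arithmetic chage -l uses for "Password Expires".
    expires = EPOCH + timedelta(days=lastchg + maxd)
    # Boundary handling is an approximation of what login/PAM enforce.
    if today >= expires:
        state = "expired"
    elif warn and today >= expires - timedelta(days=warn):
        state = "warning"
    else:
        state = "ok"
    return name, state, expires


def audit(shadow_text, today):
    """Classify every non-empty shadow line as of the given date."""
    return [password_status(l, today) for l in shadow_text.splitlines() if l.strip()]


if __name__ == "__main__":
    for row in audit(SAMPLE_SHADOW, date(2005, 2, 17)):
        print(row)
```
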