Password aging

Allen, Jack Jack.Allen at McKesson.com
Thu Aug 18 00:58:21 UTC 2005 


-----Original Message-----
From: jludwig [mailto:wralphie at comcast.net] 
Sent: Wednesday, August 17, 2005 8:21 PM
To: Getting started with Red Hat Linux
Subject: Re: Password aging


On Wednesday 17 August 2005 06:46 pm, Allen, Jack wrote:
> I have AS 4 64 bit installed. I have tried to enable password aging, but
> can not get it to work. I have used the chage command to change the
> expiration day. I can show it should have expired by doing "chage -l
> login_name". When I login I do not get a warning, and I am not asked to
> change my password. Is there some other configuration file that needs to
> be changed to enable it? The system is configured with shadow and md5
> encryption.

From;
man chage

       The  -E  option is used to set a date on which the user's account
will 
no longer be accessible.  The expiredate option is the number of days since
January 1, 1970 on which the accounted is locked.  The date may also be 
expressed in the format YYYY-MM-DD (or the format more  commonly  used  in
 your area).  A user whose account is locked must contact the system 
administrator before being able to use the system again.

Did you set this?

	I am not trying to lock the account. I am trying to force the user
to change their password after a certain number of days. You know company
rules. What should be happening is the user connects to the system, provides
their login name and then gets prompted for their password. After they enter
the password they should get a message that their password has expired and
please enter a new one. In other words it would be like they got logged in
and received a message to change their password and they entered "passwd".

	I assume it is the login program that handles this by what it finds
in the shadow file. I have also looked for configuration options for login,
to try and determine if it should be paying any attention to the aging
information in the shadow file. I could not find anything. I have even
looked a PAM and found /etc/pam.d/login. But I determined by looking at the
last accessed time on the file that it was not being accessed when I tested
logging in. So I am still looking for what controls making the user change
their password after some number of days.

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list at redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request at redhat.com
Subject: unsubscribe

More information about the Redhat-install-list mailing list