[rhn-users] force user to change password on first login
Sullivan, Michael
michael.sullivan at eds.com
Wed Feb 16 02:12:24 UTC 2005
Raj,
The users account should fall into the system wide policy. In
etc/login.defs the value for PASS_MAX_DAYS should be set to 90. Then every
account on the box will expire in the 90 day rotation. Good practice for
security reasons!!
You then don't have to account for it in your useradd() script.
As for forcing the user to change their password at first login, in your
script when you set the users "default" password with passwd(), use the " -f
" option to force a password change on first login. You can also do some
other "timed" password change options if you know the user isn't going to
login "..right now....but you don't want the account to remain available
for, lets say two weeks...." This is good in the event your always using the
same default password for your new users. Prevents the "Internal Attacks",
if you know what I mean.
--Mike.
CONFIDENTIALITY NOTICE: This email from EDS is for the sole use of the
intended recipient and may contain confidential and privileged information.
Any unauthorized review or use, including disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the
sender and destroy all copies of the email.
-----Original Message-----
From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com] On
Behalf Of Raj Kumar
Sent: Tuesday, February 15, 2005 5:28 PM
To: Red Hat Network Users List
Subject: [rhn-users] force user to change password on first login
Hello,
We have a script to create users accounts and set some default passwords. We
want to force the user to change their passwords on their first login. After
that, we want to force users to change password for every 90 days. How do I
achieve this?
chage -M 90 might force the user to change his password after 90 days from
last change. But how do I force the user to change their password on first
login? chage -M 0 ?? But after issuing chage -M 0 when i login using ssh i
get an error message:
You are required to change your password immediately (password aged)
Your password has expired, the session cannot proceed.
Connection to 192.168.2.4 closed.
Thank you!
Raj
<http://clients.rediff.com/signature/track_sig.asp>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhn-users/attachments/20050215/9e767997/attachment.htm>
More information about the rhn-users
mailing list